Full Report
SQL Injection vulnerability (CVE-2026-50644) has been found in SOPlanning software.
Analysis Summary
# Vulnerability: SQL Injection in SOPlanning Audit Configuration
## CVE Details
- **CVE ID:** CVE-2026-50644
- **CVSS Score:** Not explicitly listed in the source, but likely High (estimated 7.2 - 8.8 based on vector)
- **CWE:** CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
## Affected Systems
- **Products:** SOPlanning
- **Versions:** All versions prior to 1.56.01
- **Configurations:** Systems where the audit retention configuration is actively used.
## Vulnerability Description
A SQL injection vulnerability exists within the audit retention configuration module of SOPlanning. The application fails to properly neutralize user-supplied input in the audit configuration form. An attacker can inject malicious SQL commands into this form, which are then stored in the database. The vulnerability is triggered and the malicious payload is executed when the audit functionality is subsequently accessed by any user.
## Exploitation
- **Status:** PoC available (coordinated disclosure completed)
- **Complexity:** Low
- **Attack Vector:** Network (Web-based application interface)
- **Privileges Required:** Requires `parameters_all` permissions to access and modify the configuration form.
## Impact
- **Confidentiality:** High (Potential unauthorized extraction of database contents)
- **Integrity:** High (Potential modification or deletion of database records)
- **Availability:** Medium/High (Potential for database disruption or service denial)
## Remediation
### Patches
- **Update to version 1.56.01** or later. This version contains the official fix for the SQL injection flaw.
### Workarounds
- **Restrict Permissions:** Immediately revoke the `parameters_all` permission from non-trusted or unnecessary user accounts.
- **Input Filtering:** Monitor and filter outgoing/incoming SQL queries for suspicious patterns (e.g., unexpected `UNION SELECT` or `SLEEP` commands) at the Web Application Firewall (WAF) layer.
## Detection
- **Indicators of Compromise:** Unusual SQL syntax appearing in audit logs or configuration tables.
- **Detection methods and tools:**
- Audit the `parameters_all` privilege assignments within the SOPlanning user management.
- Use database activity monitoring to identify unexpected queries originating from the audit module.
## References
- **CVE Record:** hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-50644
- **CERT Polska Advisory:** hxxps[://]cert[.]pl/en/posts/2026/07/CVE-2026-50644/
- **CVD Policy:** hxxps[://]cert[.]pl/en/cvd/