Products
BM SOFT BMPlanning
- 1.0.0.1
Source
cve@mitre.org
Tags
CVE-2024-28298 details
Published : Aug. 2, 2024, 7:16 p.m.
Last Modified : Aug. 2, 2024, 7:16 p.m.
Last Modified : Aug. 2, 2024, 7:16 p.m.
Description
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf | cve@mitre.org |
| https://www.e-bmsoft.com/ | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.