CVE-2024-28298

2024-08-0200:00:00

mitre

www.cve.org

sql injection

bmplanning

bm soft

authenticated users

arbitrary commands

bmrest

EPSS

0.001

Percentile

20.0%

JSON

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

References

github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf

www.e-bmsoft.com/

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2024-28298