CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...

PT-2024-22384 · Bm Soft · Bmplanning

Name of the Vulnerable Software and Affected Versions: BM SOFT BMPlanning version 1.0.0.1 Description: The issue allows authenticated users to execute arbitrary SQL commands via parameters such as SEC IDF, LIE IDF, PLANF IDF, CLI IDF, DOS IDF, and possibly others to the "/BMServerR.dll/BMRest" AP...

CVE-2024-28298

CVE-2024-28298 is a SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1. Authenticated users can pass crafted values to /BMServerR.dll/BMRest via parameters such as SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, and DOS_IDF to execute arbitrary SQL commands. Public references (NVD/Red Hat/CVE record...