CVE-2024-28298 Information

Description

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF LIE_IDF PLANF_IDF CLI_IDF DOS_IDF and possibly other parameters to /BMServerR.dll/BMRest.

Reference

https://www.e-bmsoft.com/ https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf