SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.
References
Link | Resource |
---|---|
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf | Exploit Third Party Advisory |
https://www.e-bmsoft.com/ | Product |
Configurations
History
11 Sep 2024, 14:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:e-bmsoft:bmplanning:1.0.0.1:*:*:*:*:*:*:* | |
First Time |
E-bmsoft bmplanning
|
11 Sep 2024, 14:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
E-bmsoft bm Planning
E-bmsoft |
|
CPE | cpe:2.3:a:e-bmsoft:bm_planning:1.0.0.1:*:*:*:*:*:*:* | |
References | () https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf - Exploit, Third Party Advisory | |
References | () https://www.e-bmsoft.com/ - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
23 Aug 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
05 Aug 2024, 12:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Aug 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-02 19:16
Updated : 2024-09-11 14:54
NVD link : CVE-2024-28298
Mitre link : CVE-2024-28298
CVE.ORG link : CVE-2024-28298
JSON object : View
Products Affected
e-bmsoft
- bmplanning
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')