High severity8.8NVD Advisory· Published Aug 2, 2024· Updated Jun 17, 2026
CVE-2024-28298
CVE-2024-28298
Description
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 1.0.0.1
Patches
Vulnerability mechanics
References
2- github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdfnvdExploitThird Party Advisory
- www.e-bmsoft.comnvdProduct
News mentions
0No linked articles in our index yet.