VYPR
High severity8.8NVD Advisory· Published Aug 2, 2024· Updated Jun 17, 2026

CVE-2024-28298

CVE-2024-28298

Description

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • BM SOFT/BMPlanningcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 1.0.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.