CVE-2024-28298 | BM SOFT BMPlanning 1.0.0.1 /BMServerR.dll/BMRest SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF sql injection

Inserito da Angelo Barbosa | Ago 2, 2024 | CVE

A vulnerability classified as critical was found in BM SOFT BMPlanning 1.0.0.1. Affected by this vulnerability is an unknown functionality in the library /BMServerR.dll/BMRest. The manipulation of the argument SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF leads to sql injection.

This vulnerability is known as CVE-2024-28298. The attack needs to be approached within the local network. There is no exploit available.

CVE-2024-28298 | BM SOFT BMPlanning 1.0.0.1 /BMServerR.dll/BMRest SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF sql injection

Post correlati

CVE-2024-7484 | CRM Perks Forms Plugin up to 1.1.3 on WordPress unrestricted upload

CVE-2023-48268 | Mattermost up to 7.8.12/8.1.3/9.0.1/9.1.0 Zip resource consumption

CVE-2023-5592 | Phoenix Contact MULTIPROG/ProConOS eCLR code download (VDE-2023-054)

CVE-2024-27325 | Tracker Software PDF-XChange Editor EMF File Parser out-of-bounds