A vulnerability classified as critical was found in BM SOFT BMPlanning 1.0.0.1. Affected by this vulnerability is an unknown functionality in the library /BMServerR.dll/BMRest. The manipulation of the argument SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF leads to sql injection.

This vulnerability is known as CVE-2024-28298. The attack needs to be approached within the local network. There is no exploit available.