Vulnerability — CVE-2024-28298

CVE-2024-28298

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-28298
Description:: SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.
Last updated date:: 09/11/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/11/2024
Reference url to background: https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf