exploitDog

GHSA-wpjv-3phj-f64x

Опубликовано: 02 авг. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6

Описание

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

Ссылки

EPSS

Процентиль: 22%

0.00073

Низкий

6 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2024-28298

CVSS3: 8.8

nvd

больше 1 года назад

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

EPSS

Процентиль: 22%

0.00073

Низкий

6 Medium

CVSS3

CVE ID

Дефекты

CWE-89