exploitDog

CVE-2024-28298

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 6

EPSS Низкий

Описание

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

Ссылки

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf
Exploit
Third Party Advisory
https://www.e-bmsoft.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:e-bmsoft:bmplanning:1.0.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00073

Низкий

8.8 High

CVSS3

6 Medium

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-wpjv-3phj-f64x

CVSS3: 6

github

больше 1 года назад

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

EPSS

Процентиль: 23%

0.00073

Низкий

8.8 High

CVSS3

6 Medium

CVSS3

Дефекты

CWE-89

CWE-89