High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-02	CVE-2024-28298	SQL Injection vulnerability in E-Bmsoft Bmplanning 1.0.0.1 SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest. network low complexity e-bmsoft CWE-89	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.