CVE-2024-28298

MEDIUM Year: 2024
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.

Related Vulnerabilities

CVE-2024-37791

MEDIUM
CVSS:6.0(Medium)

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.

CWE-892024

CVE-2024-50801

MEDIUM
CVSS:6.0(Medium)

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via t...

CWE-892024

CVE-2024-50802

MEDIUM
CVSS:6.0(Medium)

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable v...

CWE-892024

CVE-2020-4035

MEDIUM
CVSS:5.9(Medium)

In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause...

CWE-892020

CVE-2020-5725

MEDIUM
CVSS:5.9(Medium)

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafte...

CWE-892020

CVE-2021-1380

MEDIUM
CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021