SAP BPC MS is a business planning and consolidation application from SAP Germany that provides planning, budgeting, forecasting, and financial consolidation functions. SAP BPC MS version 10.0 810 contains a SQL injection vulnerability that stems from the applicationβs lack of validation of externally entered SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.