Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2022-04-18T16:15:23.949806Z
Updated: 2024-09-16T17:53:06.089Z
Reserved: 2020-05-26T00:00:00
Link: CVE-2020-13590
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-04-18T17:15:12.170
Modified: 2022-04-26T18:59:19.927
Link: CVE-2020-13590
Redhat
No data.