2 matches found
CVE-2020-13591
An exploitable SQL injection vulnerability exists in the "accessrules/rulesform" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
CVE-2020-13591
CVE-2020-13591 affects Rukovoditel Project Management App 2.7.2, in the authenticated/CSRF-possible SQL injection path on the “access_rules/rules_form” page. The root cause is an unsanitized entities_id parameter used in a SQL query, enabling an attacker with admin rights or via CSRF to craft req...