CVE-2020-13526

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTT...

PT-2020-13603 · Processmaker · Processmaker

Name of the Vulnerable Software and Affected Versions: ProcessMaker version 3.4.11 Description: A SQL injection issue exists in the handling of sort parameters. The sort parameter in the reportTables Ajax and clientSetupAjax pages is vulnerable to SQL injection. An attacker can make an...

PT-2020-13602 · Processmaker · Processmaker

Name of the Vulnerable Software and Affected Versions: ProcessMaker version 3.4.11 Description: The sort parameter in the download page "/sysworkflow/en/neoclassic/reportTables/reportTables Ajax" is vulnerable to SQL injection. A specially crafted HTTP request can cause an SQL injection. An...

Processmaker SQL注入漏洞

ProcessMaker is a software suite for workflow management that can be used to automate workflows, create documents, assign roles and users to processes, and more. download page /sysworkflow/en/neoclassic/reportTables/ in ProcessMaker 3.4.11 A SQL injection vulnerability exists in the sort paramete...