3 matches found
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
CVE-2020-13587
CVE-2020-13587 affects Rukovoditel Project Management App 2.7.2, with an authenticated SQL injection in the forms_fields_rules/rules page. The root cause is an unsanitized id parameter used in a SQL query, enabling attackers with admin credentials or via CSRF to trigger the vulnerability. Impact ...