2 matches found
CVE-2020-13588
CVE-2020-13588 affects Rukovoditel Project Management App version 2.7.2, with multiple authenticated SQL injection vulnerabilities in the entities/fields page, including the heading_field_id parameter and related parameters (entities_id, selected_fields). Talos confirms exploitable flaws that req...
Rukovoditel Project Management App multiple SQL injection vulnerabilities in the 'entities/fields' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can b...