CVE-2020-13591
CVE-2020-13591 is a SQL injection in the “access_rules/rules_form” page of Rukovoditel Project Management App 2.7.2, reachable by an authenticated user or through CSRF. The root cause is an unsanitized entities_id parameter used in a SQL query, enabling an attacker with admin rights or via CSRF to craft req...
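
A log review for the two conditions named above (a non-integer entities_id on the rules_form page, and a request to that page triggered from another origin), as an added example that is not part of the original page or of the Rukovoditel code base. It assumes combined-format access logs, that the page is requested as ?module=access_rules/rules_form with entities_id in the query string, and a placeholder host app.example; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from a real server).
# Assumed: the page is reached as ?module=access_rules/rules_form and
# entities_id travels in the query string; app.example is a placeholder host.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php?module=access_rules/rules_form&entities_id=24 HTTP/1.1" 200 512 "https://app.example/index.php" "UA"
10.0.0.5 - - [01/Jan/2021:10:01:00 +0000] "GET /index.php?module=access_rules/rules_form&entities_id=24%27 HTTP/1.1" 200 0 "https://app.example/index.php" "UA"
10.0.0.7 - - [01/Jan/2021:10:02:00 +0000] "GET /index.php?module=access_rules/rules_form&entities_id=3 HTTP/1.1" 200 512 "https://other.example/page" "UA"
10.0.0.8 - - [01/Jan/2021:10:03:00 +0000] "GET /index.php?module=items/items&entities_id=x HTTP/1.1" 200 512 "-" "UA"
"""

LINE_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')
TARGET_MODULE = "access_rules/rules_form"

def review_line(line, trusted_host="app.example"):
    """Return a list of findings for one log line (empty if nothing to report)."""
    m = LINE_RE.search(line)
    if not m:
        return []
    query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
    if TARGET_MODULE not in query.get("module", []):
        return []
    findings = []
    # entities_id is expected to be a plain decimal integer; flag anything else.
    for value in query.get("entities_id", []):
        if not re.fullmatch(r"[0-9]{1,10}", value):
            findings.append("non-integer entities_id")
    # CSRF path: the request to this page was triggered from another origin.
    referer_host = urlsplit(m["referer"]).hostname
    if referer_host is not None and referer_host != trusted_host:
        findings.append("cross-origin referer")
    return findings

def scan(log_text):
    """Map 1-based line number -> findings, for lines with at least one finding."""
    report = {}
    for number, line in enumerate(log_text.splitlines(), start=1):
        findings = review_line(line)
        if findings:
            report[number] = findings
    return report

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, ", ".join(findings))
```

A missing Referer is not flagged, so the cross-origin check is a triage signal and not proof that no forged request occurred.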