
26 matches found

RedhatCVE
added 2025/05/22 4:17 p.m. | 7 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

CVSS 8.8 | AI score 7.8 | EPSS 0.00968
Exploits: 1

RedhatCVE
added 2025/05/22 4:17 p.m. | 8 views

CVE-2020-13587

An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...

CVSS 8.8 | AI score 7.7 | EPSS 0.01507
Exploits: 1

NVD
added 2022/04/18 5:15 p.m. | 11 views

CVE-2020-13590

Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...

CVSS 7.2 | EPSS 0.00821
Exploits: 1 | References: 1

Prion
added 2022/04/18 5:15 p.m. | 14 views

SQL injection

Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...

CVSS 6.5 | AI score 7.8 | EPSS 0.00821
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/04/18 4:15 p.m. | 51 views

CVE-2020-13590

CVE-2020-13590 affects Rukovoditel Project Management App 2.7.2. Multiple authenticated SQL injection vulnerabilities exist in the 'entities/fields' page, triggered via actions such as mulitple_edit, copy_selected, and export. Exploitable parameters include entities_id, he...

CVSS 7.2 | AI score 7.8 | EPSS 0.00821
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/04/18 4:15 p.m. | 21 views

CVE-2020-13590

Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...

CVSS 5.4 | AI score 8 | EPSS 0.00821
Exploits: 1 | References: 1

OSV
added 2021/08/17 8:15 p.m. | 5 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 1

NVD
added 2021/08/17 8:15 p.m. | 16 views

CVE-2020-13589

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the ‘entities/fields’ page mulitple_edit or copy_selected or export function is vulnerable to authenticated SQL injection. An attacker can make...

CVSS 8.8 | EPSS 0.00968
Exploits: 1 | References: 1

Prion
added 2021/08/17 8:15 p.m. | 20 views

SQL injection

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

CVSS 6.8 | AI score 8.8 | EPSS 0.00968
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/08/17 7:14 p.m. | 76 views

CVE-2020-13589

CVE-2020-13589 affects Rukovoditel Project Management App 2.7.2. The vulnerability exists in the web page “entities/fields” where the parameters entities_id, selected_fields, and heading_field_id are used in unauthenticated/authenticated SQL queries (mulitple_edit, copy_selected, export). The roo...

CVSS 8.8 | AI score 8.8 | EPSS 0.00968
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/08/17 7:14 p.m. | 26 views

CVE-2020-13589

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the ‘entities/fields’ page mulitple_edit or copy_selected or export function is vulnerable to authenticated SQL injection. An attacker can make...

CVSS 5.4 | AI score 8.9 | EPSS 0.00968
Exploits: 1 | References: 1

CVE
added 2021/08/17 7:14 p.m. | 85 views

CVE-2020-13588

CVE-2020-13588 affects Rukovoditel Project Management App version 2.7.2, with multiple authenticated SQL injection vulnerabilities in the entities/fields page, including the heading_field_id parameter and related parameters (entities_id, selected_fields). Talos confirms exploitable flaws that req...

CVSS 8.8 | AI score 8.8 | EPSS 0.00968
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/08/17 7:14 p.m. | 28 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

CVSS 5.4 | AI score 8.9 | EPSS 0.00968
Exploits: 1 | References: 1

CNVD
added 2021/04/14 12:0 a.m. | 6 views

Rukovoditel SQL Injection Vulnerability (CNVD-2021-28755)

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel Project Management App 2.7.2 suffers from a SQL injection vulnerability that can be trigger...

CVSS 8.8 | AI score 7.6 | EPSS 0.01507
Exploits: 1 | References: 1

NVD
added 2021/04/09 6:15 p.m. | 16 views

CVE-2020-13587

An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...

CVSS 8.8 | EPSS 0.01507
Exploits: 1 | References: 1

Prion
added 2021/04/09 6:15 p.m. | 13 views

SQL injection

An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...

CVSS 6.8 | AI score 8.7 | EPSS 0.01507
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/04/09 6:15 p.m. | 12 views

SQL injection

An exploitable SQL injection vulnerability exists in the "accessrules/rulesform" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...

CVSS 6.8 | AI score 8.7 | EPSS 0.01507
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/04/09 6:15 p.m. | 12 views

SQL injection

An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wi...

CVSS 6.8 | AI score 8.7 | EPSS 0.01507
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/09 5:48 p.m. | 16 views

CVE-2020-13592

An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wi...

CVSS 5.4 | AI score 8.9 | EPSS 0.01507
Exploits: 1 | References: 1

CVE
added 2021/04/09 5:48 p.m. | 67 views

CVE-2020-13592

CVE-2020-13592 refers to an exploitable SQL injection in the Rukovoditel Project Management App 2.7.2, on the page global_lists/choices. The vulnerability arises from lack of input validation in the query that uses the lists_id parameter, allowing an attacker with an authenticated session to per...

CVSS 8.8 | AI score 8.8 | EPSS 0.01507
Exploits: 1 | References: 1 | Affected Software: 1