CVE-2019-13027
Realization Concerto Critical Chain Planner (CCPM) 5.10.8071 has an SQL Injection in the taskupdt/taskdetails.aspx page via the projectname parameter. Root cause cited: lack of input validation leading to unsanitized SQL statements. Impact described as the ability to execute arbitrary SQL command...