CVE-2020-13588

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.

Source: CVE-2020-13588

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다