Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-11816 - Vulnerability Database
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-11816
Critical
Reference:
CVE-2020-11816
Title:
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.