Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13587 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13587

High
Reference: CVE-2020-13587
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13587
Title: Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An exploitable SQL injection vulnerability exists in the quotforms_fields_rules/rulesquot page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability this can be done either with administrator credentials or through cross-site request forgery.