Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13588 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13588

High
Reference: CVE-2020-13588
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13588
Title: Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An exploitable SQL injection vulnerability exists in the entities/fields page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in entities/fields page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability this can be done either with administrator credentials or through cross-site request forgery.