Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13590 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13590

High
Reference: CVE-2020-13590
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13590
Title: Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple exploitable SQL injection vulnerabilities exist in the 39entities/fields39 page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities this can be done either with administrator credentials or through cross-site request forgery.