Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13591 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13591

High
Reference: CVE-2020-13591
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13591
Title: Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An exploitable SQL injection vulnerability exists in the quotaccess_rules/rules_formquot page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability this can be done either with administrator credentials or through cross-site request forgery.