Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13592 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2020-13592

High
Reference: CVE-2020-13592
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13592
Title: Rukovoditel Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An exploitable SQL injection vulnerability exists in quotglobal_lists/choicesquot page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability this can be done either with administrator credentials or through cross-site request forgery.