Security Advisory

CVE-2020-13588

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-17 19:14:19

Last updated 2024-08-04 12:25:16

Assigner talos

State PUBLISHED

Description

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.

← Browse all CVEs View on cve.org ↗