Security Advisory

CVE-2020-13590

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-18 16:15:23
Last updated 2025-04-15 19:05:01
Assigner talos
State PUBLISHED

Description

Multiple exploitable SQL injection vulnerabilities exist in the entities/fields page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.