2020-04-16 17:42:34
mitre
PUBLISHED
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.