Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199
- https://github.com/20142995/nuclei-templates
- https://github.com/Live-Hack-CVE/CVE-2020-13588
- https://github.com/cyb3r-w0lf/nuclei-template-collection