CVE-2020-13591: SQL Injection
First published: Fri Apr 09 2021(Updated: )
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-13591.
What is the severity of CVE-2020-13591?
The severity of CVE-2020-13591 is high with a severity value of 8.8.
What is the affected software for CVE-2020-13591?
The affected software for CVE-2020-13591 is Rukovoditel Project Management App 2.7.2.
What is the CWE ID for CVE-2020-13591?
The CWE ID for CVE-2020-13591 is CWE-89.
How can the SQL injection vulnerability be exploited in CVE-2020-13591?
The SQL injection vulnerability in CVE-2020-13591 can be exploited by sending a specially crafted HTTP request to the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.7.2