CVE-2020-13592: SQL Injection
First published: Fri Apr 09 2021(Updated: )
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-13592.
What is the severity level of CVE-2020-13592?
CVE-2020-13592 has a severity level of 8.8 (high).
What software is affected by CVE-2020-13592?
Rukovoditel Project Management App version 2.7.2 is affected by CVE-2020-13592.
What is the vulnerability description of CVE-2020-13592?
CVE-2020-13592 is an SQL injection vulnerability in the "global_lists/choices" page of Rukovoditel Project Management App 2.7.2, which allows attackers to perform unauthorized SQL queries.
How can an attacker exploit CVE-2020-13592?
An attacker can exploit CVE-2020-13592 by sending a specially crafted HTTP request to the "global_lists/choices" page, leading to SQL injection.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.7.2