CVE-2020-13590

CVSS 5.4 MEDIUMEPSS 0.8%CWE-89

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.4EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Apr 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected products

Rukovoditel · Project Management App

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199