High severity8.8NVD Advisory· Published Aug 17, 2021· Updated Jun 17, 2026
CVE-2020-13588
CVE-2020-13588
Description
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =2.7.2
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2020-1199nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.