Description

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.

Remediation

References

CVE-2020-11820

Related Vulnerabilities

WordPress Plugin Frontend File Manager Arbitrary File Upload (1.8)

WordPress Plugin Tatsu Arbitrary File Upload (3.3.11)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29459)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)

Severity

Critical

Classification

CVE-2020-11820 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities