Vulnerabilities

CVE-2020-13526

by Fred · 10/12/2020

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Date published : 2020-12-10

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126

Similar

Tags: Cybersecurity Alert