mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
976 B
976 B
CVE-2020-13525
&color=brighgreen)
Description
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
POC
Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126
Github
No PoCs found on GitHub currently.