mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1022 B
1022 B
CVE-2020-13526
&color=brighgreen)
Description
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
POC
Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126
Github
No PoCs found on GitHub currently.