Arbitrary PHP File Injection Vulnerability in Rukovoditel 2.5.2

Arbitrary PHP File Injection Vulnerability in Rukovoditel 2.5.2

CVE-2020-11819 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.

Learn more about our Web Application Penetration Testing UK.