Vulnerability Details CVE-2020-13525
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.9%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 6.5
References
Products affected by CVE-2020-13525
-
cpe:2.3:a:processmaker:processmaker:3.4.11