Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.Referenceshttps://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-entitiesid.html
