Search found 2 matches

by abmatheus
10 Apr 2024, 14:36
Forum: Bug Report version 3.5.3
Topic: SQL Injection in Users Login Log
Replies: 2
Views: 178

Re: SQL Injection in Users Login Log

I can't quite grasp your point. This is not related to PHP, JS, or HTML in any way? If this functionality were specifically designed to run database queries (which doesn't seem to be the case here), then maybe it would make sense to say it's a feature... and, in any case, a sandbox would be advised ...

by abmatheus
09 Apr 2024, 22:29
Forum: Bug Report version 3.5.3
Topic: SQL Injection in Users Login Log
Replies: 2
Views: 178

SQL Injection in Users Login Log

Hello, I've identified an SQL Injection vulnerability in the Users Login Log functionality. Below is shown a normal request sent to the functionality.

[Attachment: sqli.png]

And here is a request with a time-based payload, where one can note that the request takes a while to process due to sleep().

[Attachment: sqli1.png]

This...