3 matches found
CVE-2021-30224
Cross Site Request Forgery CSRF in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials...
CVE-2020-11820
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entitiesid parameter...
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...