14 matches found
EUVD-2020-5836
Malware in sbrugna...
EUVD-2020-5835
Malware in sbrugna...
CVE-2022-44950
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...
Cross site scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...
Cross site scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short...
Rukovoditel 跨站脚本漏洞
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from the Add New Field...
Rukovoditel 跨站脚本漏洞
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from the Add New Field...
CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short...
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entitiesid parameter in the 'entities/fields page mulitpleedit or copyselected or export function is vulnerable to authenticated SQL injection. An attacker can make...
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...
PT-2021-9654 · Unknown · Rukovoditel Project Management App
Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2 Description: An exploitable SQL injection issue exists in the 'entities/fields' page. The heading field id parameter in this page is vulnerable to authenticated SQL injection. An attacker can...
PT-2021-9655 · Unknown · Rukovoditel Project Management App
Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2 Description: The issue is related to an exploitable SQL injection vulnerability in the 'entities/fields' page. Specifically, the entities id parameter in this page is vulnerable when using the...
Rukovoditel Project Management App multiple SQL injection vulnerabilities in the 'entities/fields' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can b...