4 matches found
EUVD-2023-60217
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
PT-2025-51951
Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.3.1 Description The software contains a CSV injection issue that allows authenticated users to inject malicious formulas into the firstname field. An attacker can create payloads, such as =calc|a!z|, to execute code when ...
Rukovoditel 3.3.1 - CSV injection Vulnerability
Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Rukovoditel 3.3.1 Remote Code Execution
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...