CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

EUVD-2026-21682

A pre-authenticated reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

Rukovoditel Project Management CRM 2.4.1 Local File Inclusion

==================================================================================================================================== | Title : Rukovoditel Project Management CRM 2.4.1 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Rukovoditel Project Management CRM 2.5.2 - (entities_id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'entitiesid' SQL Injection Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link:...

Rukovoditel Project Management CRM 2.4.1 Cross Site Scripting

Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability DOM BASED Author Discovered By : Mehmet EMIROGLU Date : 29/01/2019 Vendor Homepage : https://www.rukovoditel.net/ Software Link : https://sourceforge.net/projects/rukovoditel/ Affected Versions : 2.4.1 Tested On : Wampp,...

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability DOM BASED Author Discovered By : Mehmet EMIROGLU Date : 29/01/2019 Vendor Homepage : https://www.rukovoditel.net/ Software Link :...

Rukovoditel Project Management CRM 2.4.1 SQL Injection

Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Category: Webapps Tested on: Wampp...

Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection

Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Category: Webapps Tested on: Wampp...

Rukovoditel Project Management CRM 2.3 - path SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Test...