Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RukovoditelRukovoditel

10 matches found

CVE
CVEadded 2020/04/16 7:15 p.m.71 views

CVE-2020-11819

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.

9.8CVSS9.6AI score0.29397EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.48 views

CVE-2020-11812

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.

9.8CVSS9.7AI score0.00309EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.45 views

CVE-2020-11820

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.

9.8CVSS9.7AI score0.00642EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.43 views

CVE-2020-11818

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.

8.8CVSS8.8AI score0.00053EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.42 views

CVE-2020-11815

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.

9.8CVSS9.5AI score0.00878EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.41 views

CVE-2020-11813

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous.

5.4CVSS5.1AI score0.00281EPSS
CVE
CVEadded 2020/04/16 7:15 p.m.40 views

CVE-2020-11816

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.

9.8CVSS9.7AI score0.00642EPSS
CVE
CVEadded 2020/04/27 3:15 p.m.37 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

5.3CVSS5.2AI score0.00674EPSS
CVE
CVEadded 2020/04/27 3:15 p.m.34 views

CVE-2020-11817

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.

9.8CVSS9.5AI score0.00873EPSS
CVE
CVEadded 2020/04/27 3:15 p.m.33 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.

6.1CVSS5.9AI score0.00288EPSS