4 matches found
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done ei...
CVE-2020-13592
An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either wit...
CVE-2020-13591
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done eit...
CVE-2021-30224
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials.