Rukovoditel Security Vulnerabilities and Issues — Rukovoditel CVE List

Lucene search

RukovoditelRukovoditel

10 matches found

CVE•added 2022/12/05 11:15 p.m.•73 views

CVE-2022-45020

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

8.8CVSS7.7AI score0.00134EPSS

CVE•added 2021/08/17 8:15 p.m.•70 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this v...

8.8CVSS8.8AI score0.00719EPSS

CVE•added 2022/11/14 3:16 p.m.•64 views

CVE-2022-43288

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.

8.8CVSS8.9AI score0.00072EPSS

CVE•added 2021/08/17 8:15 p.m.•61 views

CVE-2020-13589

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can m...

8.8CVSS8.8AI score0.00719EPSS

CVE•added 2021/04/09 6:15 p.m.•56 views

CVE-2020-13587

An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done ei...

8.8CVSS8.8AI score0.0333EPSS

CVE•added 2021/04/09 6:15 p.m.•54 views

CVE-2020-13592

An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wit...

8.8CVSS8.8AI score0.02882EPSS

CVE•added 2021/04/09 6:15 p.m.•48 views

CVE-2020-13591

An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done eit...

8.8CVSS8.8AI score0.02781EPSS

CVE•added 2020/04/16 7:15 p.m.•43 views

CVE-2020-11818

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.

8.8CVSS8.8AI score0.00053EPSS

CVE•added 2019/01/02 6:29 p.m.•42 views

CVE-2018-20166

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case...

8.8CVSS8.6AI score0.03487EPSS

CVE•added 2021/04/29 3:15 p.m.•34 views

CVE-2021-30224

Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.

8.8CVSS8.7AI score0.00113EPSS