Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2019-7400
Rukovoditel prior to 2.4.1 allows XSS.
Rukovoditel Rukovoditel
1 EDB exploit
435
VMScore
CVE-2019-7541
Rukovoditel up to and including 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
Rukovoditel Rukovoditel
1 EDB exploit
312
VMScore
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangero...
Rukovoditel Rukovoditel 2.5.2
605
VMScore
CVE-2020-11815
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Rukovoditel Rukovoditel 2.5.2
668
VMScore
CVE-2020-11816
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
Rukovoditel Rukovoditel 2.5.2
605
VMScore
CVE-2020-11818
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
Rukovoditel Rukovoditel 2.5.2
668
VMScore
CVE-2020-11819
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
Rukovoditel Rukovoditel 2.5.2
1 Github repository
668
VMScore
CVE-2020-11820
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
Rukovoditel Rukovoditel 2.5.2
383
VMScore
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
Rukovoditel Rukovoditel 2.5.2
NA
CVE-2022-43164
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after cl...
Rukovoditel Rukovoditel 3.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »