Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel rukovoditel vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
Rukovoditel Rukovoditel 2.5.2
5.4
CVSSv3
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2018-20166
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in &qu...
Rukovoditel Rukovoditel 2.3.1
5.4
CVSSv3
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulne...
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can m...
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authentica...
Rukovoditel Rukovoditel 2.7.2
7.2
CVSSv3
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerab...
Rukovoditel Rukovoditel 2.7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »