Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48175
Rukovoditel v3.2.1 exists to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
Rukovoditel Rukovoditel 3.2.1
1 Github repository
312
VMScore
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Rukovoditel Rukovoditel 2.7.2
312
VMScore
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
312
VMScore
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
312
VMScore
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
605
VMScore
CVE-2020-13592
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Rukovoditel Rukovoditel 2.7.2
605
VMScore
CVE-2020-13591
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulner...
Rukovoditel Rukovoditel 2.7.2
605
VMScore
CVE-2021-30224
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows malicious users to create an admin user with an arbitrary credentials.
Rukovoditel Rukovoditel 2.8.3
605
VMScore
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulne...
Rukovoditel Rukovoditel 2.7.2
605
VMScore
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can m...
Rukovoditel Rukovoditel 2.7.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »