Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
Rukovoditel Rukovoditel 2.5.2
5.4
CVSSv3
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2018-20166
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in &qu...
Rukovoditel Rukovoditel 2.3.1
5.4
CVSSv3
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulne...
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can m...
Rukovoditel Rukovoditel 2.7.2
8.8
CVSSv3
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authentica...
Rukovoditel Rukovoditel 2.7.2
7.2
CVSSv3
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerab...
Rukovoditel Rukovoditel 2.7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »