Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangero...
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11815
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11816
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11817
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11819
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
Rukovoditel Rukovoditel 2.5.2
1 Github repository
9.8
CVSSv3
CVE-2020-11820
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
Rukovoditel Rukovoditel 2.5.2
NA
CVE-2024-34468
Rukovoditel prior to 3.5.3 allows XSS via user_photo to My Page.
NA
CVE-2024-34469
Rukovoditel prior to 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
1 Github repository
8.8
CVSSv3
CVE-2021-30224
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows malicious users to create an admin user with an arbitrary credentials.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5