rukovoditel vulnerabilities and exploits
NA
CVE-2022-44951
Rukovoditel v3.2.1 contains a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload...
Rukovoditel Rukovoditel 3.2.1
NA
CVE-2022-44952
Rukovoditel v3.2.1 contains a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field a...
Rukovoditel Rukovoditel 3.2.1
NA
CVE-2022-43288
Rukovoditel v3.2.1 contains a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Rukovoditel Rukovoditel 3.2.1
312
VMScore
CVE-2020-18469
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted website name by doing an authenticated PO...
Rukovoditel Rukovoditel 2.4.1
NA
CVE-2022-44949
Rukovoditel v3.2.1 contains a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload i...
Rukovoditel Rukovoditel 3.2.1
NA
CVE-2022-44950
Rukovoditel v3.2.1 contains a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload i...
Rukovoditel Rukovoditel 3.2.1
312
VMScore
CVE-2020-18470
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP reques...
Rukovoditel Rukovoditel 2.4.1
NA
CVE-2022-48175
Rukovoditel v3.2.1 contains a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
Rukovoditel Rukovoditel 3.2.1
1 Github repository
605
VMScore
CVE-2020-11818
Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
Rukovoditel Rukovoditel 2.5.2
445
VMScore
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Rukovoditel Rukovoditel 2.5.2