rukovoditel vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-7400
Rukovoditel prior to 2.4.1 allows XSS.
Rukovoditel Rukovoditel
1 EDB exploit
6.1
CVSSv3
CVE-2019-7541
Rukovoditel up to and including 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
Rukovoditel Rukovoditel
1 EDB exploit
5.4
CVSSv3
CVE-2022-43185
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
Rukovoditel Rukovoditel 3.2.1
1 Github repository
9.8
CVSSv3
CVE-2022-48175
Rukovoditel v3.2.1 contains a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
Rukovoditel Rukovoditel 3.2.1
1 Github repository
6.1
CVSSv3
CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
Rukovoditel Rukovoditel 2.6
5.4
CVSSv3
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
9.8
CVSSv3
CVE-2020-11812
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11816
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11819
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
Rukovoditel Rukovoditel 2.5.2
1 Github repository
5.3
CVSSv3
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Rukovoditel Rukovoditel 2.5.2