Vulnerabilities > Rukovoditel

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2020-13592 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
8.8
2021-04-09 CVE-2020-13591 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
8.8
2021-04-09 CVE-2020-13587 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
8.8
2020-09-14 CVE-2020-21732 Cross-site Scripting vulnerability in Rukovoditel 2.6
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS).
network
low complexity
rukovoditel CWE-79
6.1
6.1
2020-04-27 CVE-2020-11822 Cross-site Scripting vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page.
network
low complexity
rukovoditel CWE-79
6.1
6.1
2020-04-27 CVE-2020-11821 Insufficiently Protected Credentials vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing.
network
low complexity
rukovoditel CWE-522
5.3
5.3
2020-04-27 CVE-2020-11817 Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value.
network
low complexity
rukovoditel CWE-434
critical
 9.8
9.8
2020-04-16 CVE-2020-11820 SQL Injection vulnerability in Rukovoditel 2.5.2
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
network
low complexity
rukovoditel CWE-89
critical
 9.8
9.8
2020-04-16 CVE-2020-11819 Path Traversal vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
network
low complexity
rukovoditel CWE-22
critical
 9.8
9.8
2020-04-16 CVE-2020-11818 Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks.
network
low complexity
rukovoditel CWE-352
8.8
8.8