Vulnerabilities > Rukovoditel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-09 | CVE-2020-13592 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-04-09 | CVE-2020-13591 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-04-09 | CVE-2020-13587 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2020-09-14 | CVE-2020-21732 | Cross-site Scripting vulnerability in Rukovoditel 2.6 Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). | 6.1 |
| 2020-04-27 | CVE-2020-11822 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. | 4.3 |
| 2020-04-27 | CVE-2020-11821 | Cleartext Storage of Sensitive Information vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. | 5.0 |
| 2020-04-27 | CVE-2020-11817 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. | 6.8 |
| 2020-04-16 | CVE-2020-11820 | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | 7.5 |
| 2020-04-16 | CVE-2020-11819 | Improper Input Validation vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | 7.5 |
| 2020-04-16 | CVE-2020-11818 | Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. | 6.8 |