Vulnerabilities > Rukovoditel

DATE CVE VULNERABILITY TITLE RISK
2020-04-16 CVE-2020-11816 SQL Injection vulnerability in Rukovoditel 2.5.2
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
network
low complexity
rukovoditel CWE-89
critical
 9.8
9.8
2020-04-16 CVE-2020-11815 Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value.
network
low complexity
rukovoditel CWE-434
critical
 9.8
9.8
2020-04-16 CVE-2020-11813 Cross-site Scripting vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2020-04-16 CVE-2020-11812 SQL Injection vulnerability in Rukovoditel 2.5.2
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
network
low complexity
rukovoditel CWE-89
critical
 9.8
9.8
2019-05-07 CVE-2019-7541 Cross-site Scripting vulnerability in Rukovoditel
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
network
low complexity
rukovoditel CWE-79
6.1
6.1
2019-02-05 CVE-2019-7400 Cross-site Scripting vulnerability in Rukovoditel
Rukovoditel before 2.4.1 allows XSS.
network
low complexity
rukovoditel CWE-79
6.1
6.1
2019-01-02 CVE-2018-20166 Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.3.1
A file-upload vulnerability exists in Rukovoditel 2.3.1.
network
low complexity
rukovoditel CWE-434
8.8
8.8