Vulnerabilities > Rukovoditel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-16 | CVE-2020-11816 | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | 7.5 |
| 2020-04-16 | CVE-2020-11815 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. | 6.8 |
| 2020-04-16 | CVE-2020-11813 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. | 3.5 |
| 2020-04-16 | CVE-2020-11812 | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | 7.5 |
| 2019-05-07 | CVE-2019-7541 | Cross-site Scripting vulnerability in Rukovoditel Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | 4.3 |
| 2019-02-05 | CVE-2019-7400 | Cross-site Scripting vulnerability in Rukovoditel Rukovoditel before 2.4.1 allows XSS. | 6.1 |
| 2019-01-02 | CVE-2018-20166 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.3.1 A file-upload vulnerability exists in Rukovoditel 2.3.1. | 6.5 |