Vulnerabilities > Rukovoditel > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-01-30 | CVE-2022-48175 | Code Injection vulnerability in Rukovoditel 3.2.1 | Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | network | low complexity | rukovoditel | CWE-94 | critical | 9.8 |
| 2022-12-02 | CVE-2022-44945 | SQL Injection vulnerability in Rukovoditel 3.2.1 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | network | low complexity | rukovoditel | CWE-89 | critical | 9.8 |
| 2022-10-28 | CVE-2022-43168 | SQL Injection vulnerability in Rukovoditel 3.2.1 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | network | low complexity | rukovoditel | CWE-89 | critical | 9.8 |
| 2020-04-27 | CVE-2020-11817 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 | In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value. | network | low complexity | rukovoditel | CWE-434 | critical | 9.8 |
| 2020-04-16 | CVE-2020-11820 | SQL Injection vulnerability in Rukovoditel 2.5.2 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | network | low complexity | rukovoditel | CWE-89 | critical | 9.8 |
| 2020-04-16 | CVE-2020-11819 | Path Traversal vulnerability in Rukovoditel 2.5.2 | In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | network | low complexity | rukovoditel | CWE-22 | critical | 9.8 |
| 2020-04-16 | CVE-2020-11816 | SQL Injection vulnerability in Rukovoditel 2.5.2 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | network | low complexity | rukovoditel | CWE-89 | critical | 9.8 |
| 2020-04-16 | CVE-2020-11815 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 | In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value. | network | low complexity | rukovoditel | CWE-434 | critical | 9.8 |
| 2020-04-16 | CVE-2020-11812 | SQL Injection vulnerability in Rukovoditel 2.5.2 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | network | low complexity | rukovoditel | CWE-89 | critical | 9.8 |