Vulnerabilities > Rukovoditel > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2022-12-05 | CVE-2022-45020 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1. Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. | network, low complexity, rukovoditel, CWE-79, 8.8 |
| 2022-11-14 | CVE-2022-43288 | SQL Injection vulnerability in Rukovoditel 3.2.1. Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2021-08-17 | CVE-2020-13588 | SQL Injection vulnerability in Rukovoditel 2.7.2. An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2021-08-17 | CVE-2020-13589 | SQL Injection vulnerability in Rukovoditel 2.7.2. An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2021-04-09 | CVE-2020-13592 | SQL Injection vulnerability in Rukovoditel 2.7.2. An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2021-04-09 | CVE-2020-13591 | SQL Injection vulnerability in Rukovoditel 2.7.2. An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2021-04-09 | CVE-2020-13587 | SQL Injection vulnerability in Rukovoditel 2.7.2. An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. | network, low complexity, rukovoditel, CWE-89, 8.8 |
| 2020-04-16 | CVE-2020-11820 | SQL Injection vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | network, low complexity, rukovoditel, CWE-89, 7.5 |
| 2020-04-16 | CVE-2020-11819 | Improper Input Validation vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | network, low complexity, rukovoditel, CWE-20, 7.5 |
| 2020-04-16 | CVE-2020-11816 | SQL Injection vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | network, low complexity, rukovoditel, CWE-89, 7.5 |