Vulnerabilities > Rukovoditel > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-45020 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login.
network
low complexity
rukovoditel CWE-79
8.8
2022-11-14 CVE-2022-43288 SQL Injection vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
network
low complexity
rukovoditel CWE-89
8.8
2022-04-18 CVE-2020-13590 SQL Injection vulnerability in Rukovoditel 2.7.2
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
7.2
2021-08-17 CVE-2020-13588 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
2021-08-17 CVE-2020-13589 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
2021-04-29 CVE-2021-30224 Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.8.3
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials.
network
low complexity
rukovoditel CWE-352
8.8
2021-04-09 CVE-2020-13592 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
2021-04-09 CVE-2020-13591 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
2021-04-09 CVE-2020-13587 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2.
network
low complexity
rukovoditel CWE-89
8.8
2020-04-16 CVE-2020-11818 Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2
Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks.
network
low complexity
rukovoditel CWE-352
8.8