Vulnerabilities > Rukovoditel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-27 | CVE-2020-11817 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. | 6.8 |
| 2020-04-16 | CVE-2020-11818 | Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. | 6.8 |
| 2020-04-16 | CVE-2020-11815 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. | 6.8 |
| 2019-05-07 | CVE-2019-7541 | Cross-site Scripting vulnerability in Rukovoditel Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | 4.3 |
| 2019-02-05 | CVE-2019-7400 | Cross-site Scripting vulnerability in Rukovoditel Rukovoditel before 2.4.1 allows XSS. | 6.1 |
| 2019-01-02 | CVE-2018-20166 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.3.1 A file-upload vulnerability exists in Rukovoditel 2.3.1. | 6.5 |