Known vulnerabilities in Rukovoditel 2.5.2

Each entry gives the publication date, CVE identifier and title, the description, and the CVSS risk score; attack vector, attack complexity, vendor and CWE are listed where the source provides them.
2020-04-27  CVE-2020-11822  Cross-site Scripting vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the Application structure > User access groups page.
  Risk: 4.3
2020-04-27  CVE-2020-11821  Cleartext Storage of Sensitive Information vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing.
  Attack vector: network; attack complexity: low
  Vendor: rukovoditel; CWE-312
  Risk: 5.0
2020-04-27  CVE-2020-11817  Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server just by changing the Content-Type value.
  Risk: 6.8
2020-04-16  CVE-2020-11820  SQL Injection vulnerability in Rukovoditel 2.5.2
  Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
  Attack vector: network; attack complexity: low
  Vendor: rukovoditel; CWE-89
  Risk: 7.5
2020-04-16  CVE-2020-11819  Improper Input Validation vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, an attacker may supply the location of an arbitrary .php file in place of a language file and thus achieve command execution.
  Attack vector: network; attack complexity: low
  Vendor: rukovoditel; CWE-20
  Risk: 7.5
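The CWE-20 entry above describes a request value being used to pick the file that PHP includes. The following is an added illustration, not Rukovoditel's code: the parameter name, the language directory layout and the fixture file are hypothetical. It shows the unsafe include pattern next to a resolver that only accepts a strictly formatted language code, resolves it inside a fixed directory, and refuses anything whose real path leaves that directory.

```php
<?php
// Added illustration, not Rukovoditel's code. The parameter name, the language
// directory layout and the fixture contents are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the request decides which file PHP includes. With a
// value such as "../../uploads/shell" or "/tmp/evil", any .php file the
// attacker managed to place on the server runs as application code.
function loadLanguageUnsafe(string $lang): void
{
    include $lang . '.php';
}

// Hardened pattern: accept only a language code matching a strict pattern,
// resolve it inside a fixed directory, and verify the resolved path is still
// under that directory (realpath collapses any ".." that slipped through).
function resolveLanguageFile(string $lang, string $langDir): string
{
    if (!preg_match('/\A[a-z]{2,3}(?:_[A-Z]{2})?\z/', $lang)) {
        throw new InvalidArgumentException('Invalid language code');
    }
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . $lang . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Language file not found');
    }
    return $path;
}

function loadLanguageSafe(string $lang, string $langDir): array
{
    $strings = include resolveLanguageFile($lang, $langDir);
    return is_array($strings) ? $strings : [];
}

// Constructed fixture: a temporary language directory holding one legitimate file.
$langDir = sys_get_temp_dir() . '/lang_' . bin2hex(random_bytes(4));
mkdir($langDir);
file_put_contents($langDir . '/en.php', "<?php return ['save' => 'Save'];");

print_r(loadLanguageSafe('en', $langDir));
foreach (['../../etc/passwd', '/tmp/evil', 'zz'] as $bad) {
    try {
        resolveLanguageFile($bad, $langDir);
    } catch (Exception $e) {
        echo $bad, ': ', $e->getMessage(), PHP_EOL;
    }
}
unlink($langDir . '/en.php');
rmdir($langDir);
```

The pattern check rejects traversal and absolute paths before the filesystem is consulted; the realpath comparison is the second line of defence for a code that passes the pattern but resolves elsewhere (for example through a symlink inside the language directory). Note that the hardened loader also never lets the attacker choose the extension: ".php" is appended by the application.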
2020-04-16  CVE-2020-11818  Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2
  Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks.
  Risk: 6.8
2020-04-16  CVE-2020-11816  SQL Injection vulnerability in Rukovoditel 2.5.2
  Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
  Attack vector: network; attack complexity: low
  Vendor: rukovoditel; CWE-89
  Risk: 7.5
2020-04-16  CVE-2020-11815  Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server just by changing the Content-Type value.
  Risk: 6.8
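Both upload entries (CVE-2020-11815 above and CVE-2020-11817) describe the same mistake: the server decides whether a file is acceptable from the Content-Type the client sent, and the client can set that header to anything. The following is an added example, not Rukovoditel's code; the allowlist, the upload directory and the constructed file are hypothetical. It contrasts the header-only check with a check that ignores the client's type, allowlists the extension, inspects the bytes on disk with finfo, and stores the file under a random name.

```php
<?php
// Added illustration, not Rukovoditel's code. The allowlist, the upload
// directory and the constructed upload are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: $_FILES[...]['type'] is copied straight from the
// multipart part's Content-Type header, so a PHP file sent with
// "Content-Type: image/png" passes this check unchanged.
function isAllowedUploadUnsafe(array $file): bool
{
    return in_array($file['type'], ['image/png', 'image/jpeg'], true);
}

// Hardened pattern: never consult the client-supplied type. Decide on the
// extension (allowlist), on the bytes actually on disk (finfo), and store under
// a random name so the original filename never reaches the filesystem.
function storeUploadSafe(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    $finfo  = new finfo(FILEINFO_MIME_TYPE);
    $actual = $finfo->file($file['tmp_name']);
    if ($actual !== $allowed[$ext]) {
        throw new RuntimeException("Content is $actual, not {$allowed[$ext]}");
    }
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

// Constructed upload: PHP code on disk, declared as an image by the client.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php system(\$_GET['c']); ?>");
$file = [
    'name'     => 'photo.png',
    'type'     => 'image/png',      // attacker-controlled header value
    'tmp_name' => $tmp,
    'error'    => UPLOAD_ERR_OK,
    'size'     => filesize($tmp),
];

var_dump(isAllowedUploadUnsafe($file));   // the header is all this check looks at
try {
    storeUploadSafe($file, sys_get_temp_dir());
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;       // rejected on the file's real content
}
unlink($tmp);
```

The extension allowlist on its own is not sufficient either: a web server configured to execute files by a secondary extension, or a later rename, can still turn a permitted name into executable code, which is why the stored name is generated by the application and the content check runs on the bytes rather than the name. Keeping the upload directory outside the web root, or serving it with script execution disabled, is the remaining layer a practitioner would add.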
2020-04-16  CVE-2020-11813  Cross-site Scripting vulnerability in Rukovoditel 2.5.2
  In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input.
  Risk: 3.5
2020-04-16  CVE-2020-11812  SQL Injection vulnerability in Rukovoditel 2.5.2
  Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameters.
  Attack vector: network; attack complexity: low
  Vendor: rukovoditel; CWE-89
  Risk: 7.5
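The three CWE-89 entries (CVE-2020-11820 for entities_id, CVE-2020-11816 for reports_id and CVE-2020-11812 for filters[n][value]) share one root cause: request values reach the query as part of the SQL text. The following is an added example, not Rukovoditel's code; the table, the column allowlist and the request bodies are hypothetical and it assumes the pdo_sqlite extension for the in-memory demonstration. It places the string-concatenation pattern beside a PDO prepared-statement version that also handles the variable-length filters array, which is the case where developers most often fall back to concatenation.

```php
<?php
// Added illustration, not Rukovoditel's code. Table name, column allowlist
// and request bodies are hypothetical; the demo uses an in-memory SQLite
// database through pdo_sqlite.
declare(strict_types=1);

// Vulnerable pattern: request values concatenated into SQL. A value such as
// "1 OR 1=1" for entities_id, or a quote-breaking string for filters[0][value],
// changes the structure of the query instead of only its data.
function buildReportQueryUnsafe(array $request): string
{
    $sql = "SELECT * FROM app_reports WHERE entities_id = " . $request['entities_id']
         . " AND reports_id = " . $request['reports_id'];
    foreach ($request['filters'] ?? [] as $f) {
        $sql .= " AND " . $f['field'] . " = '" . $f['value'] . "'";
    }
    return $sql;
}

// Hardened pattern: integer ids are cast, column names (which cannot be bound)
// are checked against an allowlist, and every value travels as a bound
// parameter, including each filters[n][value].
function fetchReportsSafe(PDO $db, array $request): array
{
    $allowedFields = ['name', 'status', 'created_by'];   // hypothetical allowlist

    $sql    = "SELECT * FROM app_reports WHERE entities_id = :entities_id AND reports_id = :reports_id";
    $params = [
        ':entities_id' => (int) $request['entities_id'],
        ':reports_id'  => (int) $request['reports_id'],
    ];
    foreach ($request['filters'] ?? [] as $i => $f) {
        if (!in_array($f['field'], $allowedFields, true)) {
            throw new InvalidArgumentException('Unknown filter field');
        }
        $sql .= " AND `{$f['field']}` = :filter{$i}";
        $params[":filter{$i}"] = (string) $f['value'];
    }

    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data and two constructed POST bodies, one benign and one hostile.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE app_reports (entities_id INTEGER, reports_id INTEGER, status TEXT, name TEXT)");
$db->exec("INSERT INTO app_reports VALUES (1, 2, 'open', 'a'), (3, 2, 'open', 'b')");

$benign  = ['entities_id' => '1', 'reports_id' => '2',
            'filters' => [['field' => 'status', 'value' => 'open']]];
$hostile = ['entities_id' => '1 OR 1=1', 'reports_id' => '2',
            'filters' => [['field' => 'status', 'value' => "x' OR '1'='1"]]];

echo buildReportQueryUnsafe($hostile), PHP_EOL;      // the injected SQL, as the server would run it
var_dump(count(fetchReportsSafe($db, $benign)));     // the legitimate row
var_dump(count(fetchReportsSafe($db, $hostile)));    // hostile values match nothing
```

Printing the unsafe query for the hostile body shows the two injection points the entries describe: the bare integer parameter becomes "entities_id = 1 OR 1=1", and the filter value closes its quote and appends "OR '1'='1'". In the prepared version those same strings are compared as data, so the hostile request returns no rows, and an unknown filter field is refused before any SQL is built.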