DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-27 | CVE-2020-11822 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. | 4.3 |
2020-04-27 | CVE-2020-11821 | Cleartext Storage of Sensitive Information vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. | 5.0 |
2020-04-27 | CVE-2020-11817 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2. In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value. | 6.8 |
2020-04-16 | CVE-2020-11820 | SQL Injection vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | 7.5 |
2020-04-16 | CVE-2020-11819 | Improper Input Validation vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | 7.5 |
2020-04-16 | CVE-2020-11818 | Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. | 6.8 |
2020-04-16 | CVE-2020-11816 | SQL Injection vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | 7.5 |
2020-04-16 | CVE-2020-11815 | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value. | 6.8 |
2020-04-16 | CVE-2020-11813 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2. In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. | 3.5 |
2020-04-16 | CVE-2020-11812 | SQL Injection vulnerability in Rukovoditel 2.5.2. Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | 7.5 |