Skip to main content

Rukovoditel

35 CVEs product

Monthly

CVE-2024-34469 HIGH POC This Week

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rukovoditel
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-34468 MEDIUM POC This Month

Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-45020 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service XSS Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-44952 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44951 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44950 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44949 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44948 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44947 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44946 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44945 CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44944 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-43288 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-43170 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43169 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43168 CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43167 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43166 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43165 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43164 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43185 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-30224 HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-21732 MEDIUM This Month

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-11822 MEDIUM POC This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11821 MEDIUM POC This Month

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rukovoditel
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-11817 CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-11820 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11819 CRITICAL POC THREAT Act Now

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Rukovoditel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
26.8%
CVE-2020-11818 HIGH POC This Week

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rukovoditel
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-11816 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11815 CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11813 MEDIUM This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11812 CRITICAL Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-7541 MEDIUM POC This Month

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.2%
CVE-2019-7400 MEDIUM POC This Month

Rukovoditel before 2.4.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
EPSS 1% CVSS 7.1
HIGH POC This Week

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rukovoditel
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service XSS +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rukovoditel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rukovoditel
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
EPSS 27% CVSS 9.8
CRITICAL POC THREAT Act Now

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Rukovoditel
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rukovoditel
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rukovoditel
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

Rukovoditel before 2.4.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy