Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Rukovoditel Subscribe
Filtered by product Rukovoditel
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48175 1 Rukovoditel 1 Rukovoditel 2023-02-07 N/A 9.8 CRITICAL
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
CVE-2020-13592 1 Rukovoditel 1 Rukovoditel 2023-02-03 6.8 MEDIUM 8.8 HIGH
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
CVE-2020-13591 1 Rukovoditel 1 Rukovoditel 2023-02-03 6.8 MEDIUM 8.8 HIGH
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
CVE-2020-13587 1 Rukovoditel 1 Rukovoditel 2023-02-03 6.8 MEDIUM 8.8 HIGH
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
CVE-2019-7400 1 Rukovoditel 1 Rukovoditel 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
Rukovoditel before 2.4.1 allows XSS.
CVE-2022-45020 1 Rukovoditel 1 Rukovoditel 2022-12-06 N/A 8.8 HIGH
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2022-44945 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 9.8 CRITICAL
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
CVE-2022-44951 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44952 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
CVE-2022-44949 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
CVE-2022-44950 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44948 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44944 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVE-2022-44947 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".
CVE-2022-44946 1 Rukovoditel 1 Rukovoditel 2022-12-05 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVE-2022-43288 1 Rukovoditel 1 Rukovoditel 2022-11-16 N/A 8.8 HIGH
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
CVE-2022-43167 1 Rukovoditel 1 Rukovoditel 2022-11-01 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".
CVE-2022-43168 1 Rukovoditel 1 Rukovoditel 2022-11-01 N/A 9.8 CRITICAL
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.
CVE-2022-43169 1 Rukovoditel 1 Rukovoditel 2022-11-01 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group".
CVE-2022-43170 1 Rukovoditel 1 Rukovoditel 2022-11-01 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block".