Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-07 | N/A | 9.8 CRITICAL |
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
CVE-2020-13592 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
CVE-2020-13591 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
CVE-2020-13587 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||
CVE-2019-7400 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Rukovoditel before 2.4.1 allows XSS. | |||||
CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-06 | N/A | 8.8 HIGH |
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 9.8 CRITICAL |
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | |||||
CVE-2022-44951 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". | |||||
CVE-2022-44949 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. | |||||
CVE-2022-44950 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
CVE-2022-44948 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | |||||
CVE-2022-44944 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
CVE-2022-44947 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". | |||||
CVE-2022-44946 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
CVE-2022-43288 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-16 | N/A | 8.8 HIGH |
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | |||||
CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | |||||
CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 9.8 CRITICAL |
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | |||||
CVE-2022-43169 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | |||||
CVE-2022-43170 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". |