Latest rukovoditel rukovoditel Vulnerabilities

CVE-2022-48175
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
Rukovoditel Rukovoditel=3.2.1
CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cau...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-44944
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44950
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability all...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows ...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows att...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44951
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability a...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44952
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary ...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability all...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerabili...
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-44945
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
Rukovoditel Rukovoditel=3.2.1
=3.2.1
CVE-2022-43288
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43170
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute ar...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43166
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scr...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43167
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary we...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43168
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43169
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbit...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scr...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43164
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scrip...
Rukovoditel Rukovoditel=3.2.1
CVE-2022-43185
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in...
Rukovoditel Rukovoditel=3.2.1
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An a...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-18470
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or ...
Rukovoditel Rukovoditel=2.4.1
CVE-2020-18469
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary ...
Rukovoditel Rukovoditel=2.4.1
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit o...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload enter...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload enter...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload ente...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa...
Rukovoditel Rukovoditel=2.7.2
CVE-2021-30224
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
Rukovoditel Rukovoditel=2.8.3
CVE-2020-13592
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacke...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-13591
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An ...
Rukovoditel Rukovoditel=2.7.2
CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
Rukovoditel Rukovoditel=2.6
=2.6
CVE-2020-11817
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specifi...
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11818
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password ...
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11816
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11819
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11812
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11820
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11815
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific att...
Rukovoditel Rukovoditel=2.5.2
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. Thi...
Rukovoditel Rukovoditel=2.5.2
CVE-2019-7400
Rukovoditel before 2.4.1 allows XSS.
Rukovoditel Rukovoditel<2.4.1
CVE-2018-20166
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP ...
Rukovoditel Rukovoditel=2.3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203