Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11817 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting. | |||||
CVE-2020-11816 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | |||||
CVE-2020-11812 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | |||||
CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | |||||
CVE-2019-7541 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | |||||
CVE-2018-20166 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension. | |||||
CVE-2019-7400 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Rukovoditel before 2.4.1 allows XSS. |