Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
Max CVSS
8.8
EPSS Score
0.11%
Published
2021-04-29
Updated
2021-05-03
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
8.8
EPSS Score
0.30%
Published
2021-04-09
Updated
2023-02-03
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
8.8
EPSS Score
0.30%
Published
2021-04-09
Updated
2023-02-03
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
8.8
EPSS Score
0.27%
Published
2021-08-17
Updated
2022-10-06
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
8.8
EPSS Score
0.27%
Published
2021-08-17
Updated
2022-10-06
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
8.8
EPSS Score
0.30%
Published
2021-04-09
Updated
2023-02-03
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!