Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
Max CVSS
9.8
EPSS Score
0.14%
Published
2022-12-02
Updated
2022-12-06
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Max CVSS
8.8
EPSS Score
0.07%
Published
2022-11-14
Updated
2022-11-16
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.
Max CVSS
9.8
EPSS Score
0.15%
Published
2022-10-28
Updated
2022-11-01
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.
Max CVSS
7.2
EPSS Score
0.07%
Published
2022-04-18
Updated
2022-04-26
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!