📦 Rukovoditel

CVE-2023-53913 is a CSV injection vulnerability in Rukovoditel 3.3.1 that allows authenticated users to inject malicious formulas into user profile fields. When administrators export customer data as ...

This cross-site scripting (XSS) vulnerability in Rukovoditel allows attackers to inject malicious scripts via the user_photo parameter during user registration. When exploited, it enables session hija...

This SQL injection vulnerability in Rukovoditel Project Management App allows authenticated attackers to execute arbitrary SQL commands through the entities/fields page. Organizations using version 2....

This CSRF vulnerability in Rukovoditel v2.8.3 allows attackers to trick authenticated administrators into unknowingly creating new admin accounts with attacker-controlled credentials. Any organization...

This SQL injection vulnerability in Rukovoditel Project Management App allows authenticated attackers to execute arbitrary SQL commands through the access_rules/rules_form page. Attackers with adminis...

This vulnerability allows cross-site scripting (XSS) attacks via the user_photo parameter on the My Page feature in Rukovoditel. Attackers can inject malicious scripts that execute in victims' browser...