Remote Code Execution Vulnerability in Rukovoditel by Rukovoditel
CVE-2022-48175

9.8CRITICAL

Key Information:

Vendor: Rukovoditel
Status: Rukovoditel
Vendor: CVE Published:; 30 January 2023

🔔 Create Rukovoditel Vulnerability Alert

What is CVE-2022-48175?

A remote code execution vulnerability has been identified in Rukovoditel v3.2.1, specifically in the component located at /rukovoditel/index.php?module=dashboard/ajax_request. This flaw allows unauthorized users to execute arbitrary code on the server, potentially leading to severe security breaches and unauthorized access to sensitive information. Organizations using this version are advised to implement necessary security measures and consider updating to a patched version.

References

https://github.com/y1s3m0/vulnfind/blob/main/rukovoditel/...

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Dec 29, 2022

JSON