Kubozzo

**Name of the Vulnerable Software and Affected Versions** Rukovoditel version 3.2.1 **Description** A SQL injection issue was found in Rukovoditel via the `order by` parameter at the "/rukovoditel/index.php?module=logs/view&type=php" endpoint. This allows for potential SQL injection attacks. **Recommendations** For Rukovoditel version 3.2.1, consider restricting access to the `/rukovoditel/index.php?module=logs/view&type=php` endpoint until a patch is available, and avoid using the `order by` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.