Fairsketch Rise Ultimate Project Manager vulnerabilities
16 known vulnerabilities affecting fairsketch/rise_ultimate_project_manager.
Total CVEs: 16
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 12
Vulnerabilities
CVE-2024-8945 | P2 | HIGH | CVSS 8.8 | CWE-89 | PoC | v3.7.0 | 2024-09-17
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is re
nvd
CVE-2017-17999 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v1.9 | 2018-01-23
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.
nvd
CVE-2025-60378 | P3 | HIGH | CVSS 8.1 | CWE-79 | fixed in 3.9.4 | 2025-10-10
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging
nvd
CVE-2025-63293 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | v3.9.4 | 2025-11-03
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
nvd
CVE-2019-18884 | P3 | HIGH | CVSS 8.8 | CWE-352 | v2.3 | 2019-11-13
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
nvd
CVE-2024-0545 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | v3.5.3 | 2024-01-15
A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public
nvd
CVE-2025-41103 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.
nvd
CVE-2025-41104 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.
nvd
CVE-2025-41106 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.
nvd
CVE-2025-41102 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.
nvd
CVE-2025-41105 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.
nvd
CVE-2025-41101 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.9 | 2025-11-11
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/projects/save'.
nvd
CVE-2025-56807 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v3.9.4 | 2025-09-29
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders.
nvd
CVE-2025-3855 | P4 | MEDIUM | CVSS 4.3 | CWE-99 | v3.8.2 | 2025-04-22
A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identi
nvd
CVE-2017-11182 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.8 | 2017-07-12
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.
nvd
CVE-2017-11181 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.8 | 2017-07-12
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.
nvd