The official github of the project is: https://github.com/Rukovoditel/Rukovoditel, but hasn't been updated for a long time. The source code of the software can be downloaded at: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_2.8.3.zip/download
- Attacker may exploit the CSRF vulenrability to add user with admin privilege. Process: (1) Admin login to his own account with correct credential. (2) The advesary crafts the following web page with an username "admin2" and password "admin2", and hosts it online.