VYPR

Sentrifugo

by Sapplica

Source repositories

CVEs (3)

  • CVE-2018-15873CriAug 28, 2018
    risk 0.64cvss 9.8epss 0.01

    A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.

  • CVE-2020-28365Dec 30, 2020
    risk 0.00cvss epss 0.01

    Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no…

  • CVE-2020-10218Mar 13, 2020
    risk 0.00cvss epss 0.01

    A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.