VYPR

Vendor: Sentrifugo

Products: 1
CVEs: 17
Across products: 17
Status: Private

Recent CVEs (17)
  • CVE-2018-15873 Cri Aug 28, 2018
    risk 0.64 cvss 9.8 epss 0.01

    A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.

  • CVE-2019-15813 Sep 4, 2019
    risk 0.03 cvss epss 0.33

    Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.

  • CVE-2024-29879 Mar 21, 2024
    risk 0.00 cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal…

  • CVE-2024-29878 Mar 21, 2024
    risk 0.00 cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

  • CVE-2024-29877 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and…

  • CVE-2024-29876 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

  • CVE-2024-29875 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data…

  • CVE-2024-29874 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from…

  • CVE-2024-29873 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from…

  • CVE-2024-29872 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

  • CVE-2024-29871 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and…

  • CVE-2024-29870 Mar 21, 2024
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote…

  • CVE-2023-29770 Nov 27, 2023
    risk 0.00 cvss epss 0.01

    In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

  • CVE-2020-26803 Nov 12, 2020
    risk 0.00 cvss epss 0.01

    In Sentrifugo 3.2, users can upload an image under the "Assets -> Add" tab. This "Upload Images" functionality suffers from an "Unrestricted File Upload" vulnerability, so an attacker can upload malicious files using this functionality and control the server.

  • CVE-2020-26804 Nov 12, 2020
    risk 0.00 cvss epss 0.01

    In Sentrifugo 3.2, users can share an announcement under the "Organization -> Announcements" tab. On this page, users can also upload attachments with the shared announcements. This "Upload Attachment" functionality suffers from an "Unrestricted File Upload" vulnerability so…

  • CVE-2020-26805 Nov 12, 2020
    risk 0.00 cvss epss 0.01

    In Sentrifugo 3.2, an admin can edit an employee's information via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, the "employeeNumId" parameter is affected by an SQLi vulnerability. An attacker can inject SQL commands into the query, read data…

  • CVE-2019-16059 Sep 6, 2019
    risk 0.00 cvss epss 0.01

    Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.