Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sentrifugo sentrifugo 3.2 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-15814
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
Sentrifugo Sentrifugo 3.2
1 EDB exploit
6.5
CVSSv2
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
Sentrifugo Sentrifugo 3.2
1 EDB exploit
2 Github repositories
4.3
CVSSv2
CVE-2020-28365
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no l...
Sapplica Sentrifugo 3.2
7.5
CVSSv2
CVE-2018-15873
A SQL Injection issue exists in Sentrifugo 3.2 via the deptid parameter.
Sapplica Sentrifugo 3.2
6.5
CVSSv2
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the se...
Sapplica Sentrifugo 3.2
6.5
CVSSv2
CVE-2020-26805
In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into que...
Sapplica Sentrifugo 3.2
4
CVSSv2
CVE-2020-10218
A Blind SQL Injection issue exists in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
Sapplica Sentrifugo 3.2
6.8
CVSSv2
CVE-2019-16059
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
Sapplica Sentrifugo 3.2
6.5
CVSSv2
CVE-2020-26804
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upl...
Sapplica Sentrifugo 3.2
NA
CVE-2024-29871
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the se...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »