Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sentrifugo sentrifugo 3.2 vulnerabilities and exploits
(subscribe to this query)
656
VMScore
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
Sentrifugo Sentrifugo 3.2
1 EDB exploit
2 Github repositories
355
VMScore
CVE-2019-15814
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
Sentrifugo Sentrifugo 3.2
1 EDB exploit
578
VMScore
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the se...
Sapplica Sentrifugo 3.2
668
VMScore
CVE-2018-15873
A SQL Injection issue exists in Sentrifugo 3.2 via the deptid parameter.
Sapplica Sentrifugo 3.2
356
VMScore
CVE-2020-10218
A Blind SQL Injection issue exists in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
Sapplica Sentrifugo 3.2
578
VMScore
CVE-2020-26805
In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into que...
Sapplica Sentrifugo 3.2
383
VMScore
CVE-2020-28365
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no l...
Sapplica Sentrifugo 3.2
578
VMScore
CVE-2020-26804
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upl...
Sapplica Sentrifugo 3.2
605
VMScore
CVE-2019-16059
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
Sapplica Sentrifugo 3.2
NA
CVE-2024-29871
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the se...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »