sapplica sentrifugo 3.2 vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under the "Assets -> Add" tab. This "Upload Images" functionality suffers from an "Unrestricted File Upload" vulnerability, so an attacker can upload malicious files using this functionality and control the se...
Sapplica Sentrifugo 3.2
9.8
CVSSv3
CVE-2018-15873
A SQL Injection issue exists in Sentrifugo 3.2 via the deptid parameter.
Sapplica Sentrifugo 3.2
6.1
CVSSv3
CVE-2020-28365
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no l...
Sapplica Sentrifugo 3.2
6.5
CVSSv3
CVE-2020-10218
A Blind SQL Injection issue exists in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
Sapplica Sentrifugo 3.2
8.8
CVSSv3
CVE-2019-16059
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
Sapplica Sentrifugo 3.2
7.2
CVSSv3
CVE-2020-26805
In Sentrifugo 3.2, an admin can edit an employee's information via this endpoint: /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, the "employeeNumId" parameter is affected by an SQLi vulnerability. An attacker can inject SQL commands into que...
Sapplica Sentrifugo 3.2
8.8
CVSSv3
CVE-2020-26804
In Sentrifugo 3.2, users can share an announcement under the "Organization -> Announcements" tab. On this page, users can also upload attachments with the shared announcements. This "Upload Attachment" functionality suffers from an "Unrestricted File Upl...
Sapplica Sentrifugo 3.2