Lucene search
K

193 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.7 views

CVE-2023-29770

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering...

8.8CVSS6.8AI score0.00906EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.10 views

CVE-2020-26805

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint -- /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write...

7.2CVSS7.8AI score0.01486EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.11 views

CVE-2020-26803

In Sentrifugo 3.2, users can upload an image under "Assets - Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server...

8.8CVSS7AI score0.01394EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:5 p.m.7 views

CVE-2020-10218

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...

6.5CVSS8.2AI score0.01164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 a.m.10 views

CVE-2019-15813

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...

8.8CVSS7.7AI score0.33236EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 a.m.8 views

CVE-2019-15814

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML...

5.4CVSS5.8AI score0.01581EPSS
Exploits5References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.8 views

Sentrifugo sort_name Parameter SQL Injection Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...

9.8CVSS7.9AI score0.00874EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.8 views

Sentrifugo agencyids parameter SQL injection vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from a lack of validation of...

9.8CVSS7.9AI score0.00825EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.5 views

Sentrifugo bunitname parameter SQL injection vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...

9.8CVSS7.9AI score0.00825EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.7 views

Sentrifugo business_id Parameter Cross-Site Scripting Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A cross-site scripting vulnerability exists in Sentrifugo version 3.2, which stems from the lack of effective filteri...

7.1CVSS6.6AI score0.00489EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.4 views

Sentrifugo expense_category_name parameter cross-site scripting vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. Sentrifugo version 3.2 suffers from a cross-site scripting vulnerability that stems from the lack of effective...

7.1CVSS6.3AI score0.00502EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.7 views

Sentrifugo description parameter cross-site scripting vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A cross-site scripting vulnerability exists in Sentrifugo version 3.2, which stems from the lack of effective filteri...

7.1CVSS6.3AI score0.00489EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.9 views

Sentrifugo business_id Parameter SQL Injection Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...

9.8CVSS7.9AI score0.00856EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.7 views

Sentrifugo id Parameter SQL Injection Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which stems from a missing id parameter in the...

9.8CVSS7.8AI score0.00863EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 2:15 p.m.4 views

CVE-2024-29878

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

6.1CVSS5.8AI score0.00489EPSS
Exploits0References1
NVD
NVD
added 2024/03/21 2:15 p.m.13 views

CVE-2024-29879

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

7.1CVSS6.2AI score0.00489EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 2:15 p.m.3 views

CVE-2024-29877

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expensecategoryname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

6.1CVSS5.8AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 2:15 p.m.3 views

CVE-2024-29879

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

6.1CVSS5.8AI score0.00489EPSS
Exploits0References1
NVD
NVD
added 2024/03/21 2:15 p.m.19 views

CVE-2024-29878

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

7.1CVSS6.2AI score0.00489EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 2:15 p.m.4 views

CVE-2024-29876

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it...

9.8CVSS5.9AI score0.00825EPSS
Exploits0References1
Rows per page
Query Builder