10 matches found
EUVD-2018-7730
Malware in sbrugna...
EUVD-2024-26862
Malicious code in bioql PyPI...
EUVD-2024-26863
Malicious code in bioql PyPI...
EUVD-2024-26859
Malicious code in bioql PyPI...
EUVD-2024-26860
Malicious code in bioql PyPI...
CVE-2023-29770
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering...
CVE-2020-26805
In Sentrifugo 3.2, admin can edit employee's informations via this endpoint -- /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write...
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under "Assets - Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server...
Sentrifugo agencyids parameter SQL injection vulnerability
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from a lack of validation of...
CVE-2020-28365
Sentrifugo 3.2 allows Stored Cross-Site Scripting XSS vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by...