Sentrifugo Security Vulnerabilities and Issues — Sentrifugo CVE List

Lucene search

SapplicaSentrifugo

3 matches found

CVE•added 2020/11/12 7:15 p.m.•57 views

CVE-2020-26805

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or wri...

7.2CVSS7.3AI score0.00533EPSS

CVE•added 2020/11/12 7:15 p.m.•37 views

CVE-2020-26803

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

8.8CVSS8.6AI score0.00423EPSS

CVE•added 2020/11/12 7:15 p.m.•37 views

CVE-2020-26804

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload ma...

8.8CVSS8.6AI score0.00423EPSS