Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SapplicaSentrifugo

4 matches found

CVE
CVEadded 2019/09/06 7:15 p.m.61 views

CVE-2019-16059

Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.

8.8CVSS8.4AI score0.00145EPSS
CVE
CVEadded 2020/11/12 7:15 p.m.37 views

CVE-2020-26803

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

8.8CVSS8.6AI score0.00423EPSS
CVE
CVEadded 2020/11/12 7:15 p.m.37 views

CVE-2020-26804

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload ma...

8.8CVSS8.6AI score0.00423EPSS
CVE
CVEadded 2023/11/28 12:15 a.m.30 views

CVE-2023-29770

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

8.8CVSS8.5AI score0.00155EPSS