Sentrifugo Security Vulnerabilities and Issues — Sentrifugo CVE List

Lucene search

SentrifugoSentrifugo

7 matches found

CVE•added 2024/03/21 2:15 p.m.•58 views

CVE-2024-29870

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a speciall...

9.8CVSS9.7AI score0.00801EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•54 views

CVE-2024-29872

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

9.8CVSS9.7AI score0.00777EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•51 views

CVE-2024-29873

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

9.8CVSS9.7AI score0.00777EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•51 views

CVE-2024-29875

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

9.8CVSS9.7AI score0.00777EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•50 views

CVE-2024-29876

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

9.8CVSS9.7AI score0.00763EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•47 views

CVE-2024-29871

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data...

9.8CVSS9.7AI score0.00777EPSS

Web

CVE•added 2024/03/21 2:15 p.m.•47 views

CVE-2024-29874

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

9.8CVSS9.7AI score0.00777EPSS

Web