Skip to main content

Sentrifugo

20 CVEs product

Monthly

CVE-2024-29879 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29878 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29877 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29876 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29875 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29874 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29873 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29872 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29871 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29870 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29770 HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-28365 MEDIUM PATCH This Month

Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sentrifugo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26805 HIGH POC This Week

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-26804 HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-26803 HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-10218 MEDIUM POC PATCH This Month

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Sentrifugo
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-16059 HIGH POC This Week

Sentrifugo 3.2 lacks CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Sentrifugo
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-15814 MEDIUM POC This Month

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sentrifugo
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-15813 HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
33.2%
CVE-2018-15873 CRITICAL POC Act Now

A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sentrifugo
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentrifugo
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Sentrifugo
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Sentrifugo 3.2 lacks CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF +1
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sentrifugo
NVD Exploit-DB
EPSS 33% CVSS 8.8
HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sentrifugo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy