CVE-2024-29870 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id'…
CVE-2024-29871 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnu…
CVE-2024-29872 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of…
CVE-2024-29873 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The…
CVE-2024-29874 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The…
CVE-2024-29875 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter…
CVE-2024-29876 — CVSS 9.8 (critical): SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The…
CVE-2023-29770 — CVSS 8.8 (high): In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension…
CVE-2019-16059 — CVSS 8.8 (high): Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at…
CVE-2020-26803 — CVSS 8.8 (high): In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted…
CVE-2020-26804 — CVSS 8.8 (high): In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload…
CVE-2020-26805 — CVSS 7.2 (high): In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2…
CVE-2024-29879 — CVSS 7.1 (high): Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id'…
CVE-2024-29877 — CVSS 7.1 (high): Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit…
CVE-2024-29878 — CVSS 7.1 (high): Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The…
CVE-2020-10218 — CVSS 6.5 (medium): A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the…
CVE-2020-28365 — CVSS 6.1 (medium): Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during…