Sapplica

Sentrifugo

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-29879

  • EPSS 0.08%
  • Veröffentlicht 21.03.2024 14:15:09
  • Zuletzt bearbeitet 24.01.2025 18:17:54

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL ...

6.1

CVE-2024-29878

  • EPSS 0.09%
  • Veröffentlicht 21.03.2024 14:15:09
  • Zuletzt bearbeitet 24.01.2025 18:17:36

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim a...

6.1

CVE-2024-29877

  • EPSS 0.08%
  • Veröffentlicht 21.03.2024 14:15:09
  • Zuletzt bearbeitet 24.01.2025 18:17:39

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially craf...

9.8

CVE-2024-29876

  • EPSS 0.76%
  • Veröffentlicht 21.03.2024 14:15:09
  • Zuletzt bearbeitet 24.01.2025 18:18:23

SQL injection vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extrac...

9.8

CVE-2024-29871

  • EPSS 0.78%
  • Veröffentlicht 21.03.2024 14:15:08
  • Zuletzt bearbeitet 24.01.2025 18:18:34

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially cr...

9.8

CVE-2024-29875

  • EPSS 0.78%
  • Veröffentlicht 21.03.2024 14:15:08
  • Zuletzt bearbeitet 24.01.2025 18:18:25

SQL injection vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the serve...

9.8

CVE-2024-29874

  • EPSS 0.78%
  • Veröffentlicht 21.03.2024 14:15:08
  • Zuletzt bearbeitet 24.01.2025 18:18:27

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server an...

9.8

CVE-2024-29873

  • EPSS 0.78%
  • Veröffentlicht 21.03.2024 14:15:08
  • Zuletzt bearbeitet 24.01.2025 18:18:29

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server a...

9.8

CVE-2024-29872

  • EPSS 0.78%
  • Veröffentlicht 21.03.2024 14:15:08
  • Zuletzt bearbeitet 24.01.2025 18:18:31

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all th...

9.8

CVE-2024-29870

  • EPSS 0.8%
  • Veröffentlicht 21.03.2024 14:15:07
  • Zuletzt bearbeitet 24.01.2025 18:18:36

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerabi...