Sapplica: Security Vulnerabilities, CVEs (SQL injection)
In Sentrifugo 3.2, an admin can edit an employee's information via the endpoint /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, the "employeeNumId" parameter is affected by a SQL injection vulnerability. An attacker can inject SQL commands into the query, read data from the database, or write data into the database.
Max CVSS: 7.2 | EPSS Score: 0.11% | Published: 2020-11-12 | Updated: 2020-11-17
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2020-03-13 | Updated: 2020-03-17
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2018-08-28 | Updated: 2019-09-16
3 vulnerabilities found