Vulnerabilities > Sapplica
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-11-28 | CVE-2023-29770 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.5 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | 8.8 |
2020-12-30 | CVE-2020-28365 | Cross-site Scripting vulnerability in Sapplica Sentrifugo 3.2 | Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) by inserting a payload within the X-Forwarded-For HTTP header during the login process. | 6.1 |
2020-11-12 | CVE-2020-26805 | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, an admin can edit an employee's information via this endpoint: /sentrifugo/index.php/empadditionaldetails/edit/userid/2. | 7.2 |
2020-11-12 | CVE-2020-26804 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. | 8.8 |
2020-11-12 | CVE-2020-26803 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. | 8.8 |
2020-03-13 | CVE-2020-10218 | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 | A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 6.5 |
2019-09-06 | CVE-2019-16059 | Cross-Site Request Forgery (CSRF) vulnerability in Sapplica Sentrifugo 3.2 | Sentrifugo 3.2 lacks CSRF protection. | 8.8 |
2018-08-28 | CVE-2018-15873 | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 | A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | 9.8 |