Vulnerabilities > Sapplica > High

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-11-28 | CVE-2023-29770 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.5 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | network, low complexity, sapplica, CWE-434, 8.8 |
| 2020-11-12 | CVE-2020-26805 | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, an admin can edit an employee's information via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. | network, low complexity, sapplica, CWE-89, 7.2 |
| 2020-11-12 | CVE-2020-26804 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. | network, low complexity, sapplica, CWE-434, 8.8 |
| 2020-11-12 | CVE-2020-26803 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 | In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. | network, low complexity, sapplica, CWE-434, 8.8 |
| 2019-09-06 | CVE-2019-16059 | Cross-Site Request Forgery (CSRF) vulnerability in Sapplica Sentrifugo 3.2 | Sentrifugo 3.2 lacks CSRF protection. | network, low complexity, sapplica, CWE-352, 8.8 |