sapplica/sentrifugo

sapplica/sentrifugo

www.sentrifugo.com

Releases0

Stars503

Sentrifugo is a FREE and powerful Human Resource Management System (HRMS) that can be easily configured to meet your organizational needs.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-29770 ↗	Nov 28, 2023Tuesday, 28 November 2023, 00:15	8.8 HIGH	—
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
CVE-2020-28365 ↗	Dec 30, 2020Wednesday, 30 December 2020, 19:15	6.1 MEDIUM	4.3 MEDIUM
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-10218 ↗	Mar 13, 2020Friday, 13 March 2020, 17:15	6.5 MEDIUM	4 MEDIUM
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.