CVE-2020-26805 – In Sentrifugo 3.2, admin can edit employee’s informations via this endpoint –> /sentri …

12 November 2020

Vuln ID: CVE-2020-26805

Published: 2020-11-12 19:15:15Z

Description: In Sentrifugo 3.2, admin can edit employee’s informations via this endpoint –> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database.

Source: NVD.NIST.GOV

Date:

12 November 2020

Categorie(s):

NVD

Tag(s):

NVD

Oasis Security reels in $35M more to secure nonhuman identities1 May 2024
Senators grill UnitedHealth CEO on Change Healthcare cyberattack1 May 2024
Website Heatmap: What It Is, Why You Need It, And How To Use It1 May 2024
Test Automation: Features, Benefits, And Challenges Of Automated Testing1 May 2024
4 Ways To Remove Mac Purgeable Space1 May 2024