CVE-2024-29874 | Sentrifugo 3.2 activeuserrptpdf sort_name sql injection

Posted by Angelo Barbosa | Mar 21, 2024 | CVE

A vulnerability was found in Sentrifugo 3.2. It has been declared as critical. This vulnerability affects unknown code of the file through /sentrifugo/index.php/default/reports/activeuserrptpdf. The manipulation of the argument sort_name leads to sql injection.

This vulnerability was named CVE-2024-29874. The attack can be initiated remotely. There is no exploit available.

CVE-2024-29874 | Sentrifugo 3.2 activeuserrptpdf sort_name sql injection

Related Posts

CVE-2024-39435 | Unisoc S8000 Logmanager Service Local Privilege Escalation

CVE-2024-8719 | Flexmls IDX Plugin up to 3.14.22 on WordPress cross site scripting

CVE-2024-39694 | DuendeSoftware IdentityServer up to 6.0.4/6.1.7/6.2.4/6.3.9/7.0.5 redirect (GHSA-ff4q-64jc-gx98)

CVE-2024-1334 | ImageRecycle PDF & Image Compression Plugin up to 3.1.13 on WordPress Setting enableOptimization cross-site request forgery