CVE-2024-29875 | Sentrifugo 3.2 exportactiveuserrpt sort_name sql injection

Posted by Angelo Barbosa | Mar 21, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Sentrifugo 3.2. Affected by this issue is some unknown functionality of the file /sentrifugo/index.php/default/reports/exportactiveuserrpt. The manipulation of the argument sort_name leads to sql injection.

This vulnerability is handled as CVE-2024-29875. The attack may be launched remotely. There is no exploit available.

CVE-2024-29875 | Sentrifugo 3.2 exportactiveuserrpt sort_name sql injection

Related Posts

CVE-2024-3543 | Progress LoadMaster prior 7.2.48.12/7.2.54.10/7.2.59.4 storing passwords in a recoverable format

CVE-2024-0799 | Arcserve Unified Data Protection up to 8.1/9.2 wizardLogin doLogin improper authentication

CVE-2024-41012 | Linux Kernel up to 6.9.8 filelock fcntl_setlk use after free (b6d223942c34/3cad1bc01041)

CVE-2024-11259 | code-projects Farmacia 1.0 /fornecedores.php cross site scripting