SQL injection vulnerability in Sentrifugo 3.2, through ...
Critical severity
Unreviewed
Published
Mar 21, 2024
to the GitHub Advisory Database
•
Updated Mar 21, 2024
Description
Published by the National Vulnerability Database
Mar 21, 2024
Published to the GitHub Advisory Database
Mar 21, 2024
Last updated
Mar 21, 2024
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
References