Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sentrifugo SQL注入漏洞
Vulnerability Description
Sentrifugo是一套人力资源管理系统。该系统包括人力资源管理、绩效考核、招聘管理和资产管理等功能。 Sentrifugo 3.2 版本存在SQL注入漏洞,该漏洞源于管理员可以通过这个端点编辑员工的信息——> /sentrifugo/index.php/empadditionaldetails/edit/userid/2。在这个POST请求中employeeNumId参数受到SQLi漏洞的影响。攻击者可利用该漏洞可以将SQL命令注入到查询中,从数据库中读取数据或向数据库中写入数据。
CVSS Information
N/A
Vulnerability Type
N/A