This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection (SQLi) in Sentrifugo HRMS. π **Consequences**: Attackers can extract **ALL** database data via the `/reports/businessunits/format/html` endpoint.β¦
π‘οΈ **Root Cause**: **CWE-89** (SQL Injection). π **Flaw**: The `bunitname` parameter in the `index.php` script fails to sanitize input, allowing malicious SQL queries to execute directly on the server.
Q3Who is affected? (Versions/Components)
π’ **Affected**: **Sentrifugo** HR Management System. π¦ **Version**: Specifically **v3.2**. π **Component**: The `reports/businessunits` module is the entry point.
Q4What can hackers do? (Privileges/Data)
π **Capabilities**: Hackers can bypass logic and dump the entire database. π **Data**: Access to sensitive HR, performance, and asset records.β¦
β‘ **Threshold**: **LOW**. π« **Auth**: None required (PR:N). π **Network**: Remote (AV:N). π― **Complexity**: Low (AC:L). Easy to exploit for anyone with network access.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp**: No specific PoC code provided in the data. π **Status**: Reference link exists (Incibe), but no executable exploit script is listed in the `pocs` array.
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for the path `/sentrifugo/index.php/reports/businessunits/format/html`. π§ͺ **Test**: Inject SQL payloads into the `bunitname` parameter.β¦
π οΈ **Fix**: Official patch info is not detailed in the provided text. π **Action**: Check the vendor's official notice (Incibe link) for the latest patch or update instructions.
Q9What if no patch? (Workaround)
π§ **Workaround**: If no patch, **disable** the `/reports/businessunits` endpoint. π **Block**: Restrict access to `index.php` via WAF or firewall rules.β¦