This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection in Sentrifugo HRM. π **Consequences**: Attackers can extract **ALL** database data via crafted queries. Critical integrity & confidentiality loss.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. π **Flaw**: Unsanitized `sort_name` parameter in `/sentrifugo/index.php/default/reports/activeuserrptpdf`.
Q3Who is affected? (Versions/Components)
π’ **Vendor**: Sentrifugo. π¦ **Product**: Sentrifugo HRM System. π **Version**: Specifically **v3.2** is affected. Check your deployment version immediately!
Q4What can hackers do? (Privileges/Data)
π **Privileges**: No Auth Required (PR:N). π **Data**: High Impact (C:H, I:H, A:H). Hackers can read, modify, and delete **everything** in the HR database.
π **Public Exp**: No specific PoC code provided in data. β οΈ **Risk**: High CVSS score (9.8) suggests wild exploitation potential. Assume it's being actively targeted.
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for `/sentrifugo/index.php/default/reports/activeuserrptpdf`. π§ͺ **Test**: Inject SQL payloads into the `sort_name` parameter. π‘ **Tools**: Use SQLMap or manual Burp Suite requests.
Q8Is it fixed officially? (Patch/Mitigation)
π οΈ **Patch**: Update to latest version immediately. π’ **Source**: Refer to Incibe CERT advisory for official vendor guidance. π **Action**: Apply vendor patches ASAP.
Q9What if no patch? (Workaround)
π§ **Workaround**: Block external access to the `/reports/activeuserrptpdf` endpoint. π **Mitigation**: Implement WAF rules to filter SQL injection patterns in `sort_name`.β¦