Creosote

**Name of the Vulnerable Software and Affected Versions** Sentrifugo version 3.2 **Description** The issue allows authenticated users to bypass multiple file upload restrictions, potentially enabling them to execute arbitrary code via a webshell. **Recommendations** For Sentrifugo version 3.2, update to a version that includes a fix for this issue, as the current version allows authenticated users to bypass file upload restrictions and potentially execute arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sentrifugo version 3.2 **Description** The issue concerns multiple stored XSS vulnerabilities. These vulnerabilities could allow authenticated users to inject arbitrary web script or HTML. **Recommendations** For Sentrifugo version 3.2, update to a version that includes a fix for the stored XSS vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.