CVE-2024-29876

Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2

Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send a specially crafted query to the server and extract all the data from it.

Recommendations For Sentrifugo version 3.2, consider disabling the sortby parameter in the "/sentrifugo/index.php/reports/activitylogreport" API endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.