{"vulnerability": "CVE-2020-26805", "sightings": [{"uuid": "571f3b20-f02c-4d14-99ca-1866d69c875d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26805", "type": "seen", "source": "https://t.me/cibsecurity/16252", "content": "\u203c CVE-2020-26805 \u203c\n\nIn Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, \"employeeNumId\" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-12T22:31:57.000000Z"}]}