PT-2026-22654 · Sourcecodester · Personnel Property Equipment System

Zhang Qi

Publicado

2026-03-02

Atualizado

2026-03-06

CVE-2026-26700

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0

Description The software is susceptible to SQL Injection in the '/ppes/admin/edit employee.php' endpoint. The vulnerability exists due to insufficient input validation when processing data submitted to this endpoint. The vulnerable parameter is not explicitly identified.

Recommendations Apply appropriate input validation and sanitization techniques to all data submitted to the '/ppes/admin/edit employee.php' endpoint.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-26700

Produtos afetados

Personnel Property Equipment System

PT-2026-22654 · Sourcecodester · Personnel Property Equipment System

CVE-2026-26700

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9