PT-2026-22605 · Sourcecodester · Personnel Property Equipment System
Thirtypenny77
·
Published
2026-03-02
·
Updated
2026-03-07
·
CVE-2026-26702
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
sourcecodester Personnel Property Equipment System version 1.0
Description
The software is susceptible to SQL Injection in the
/ppes/admin/myitem reuse.php file. The vulnerability allows for potential unauthorized access to or modification of the database. The vulnerable parameter is not specified. The myitem reuse.php file processes requests without sufficient sanitization of input data, potentially allowing an attacker to inject malicious SQL code.Recommendations
Apply input validation and parameterized queries to the
/ppes/admin/myitem reuse.php file to prevent SQL Injection.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Personnel Property Equipment System