PT-2026-22654 · Sourcecodester · Personnel Property Equipment System
Zhang Qi
·
Published
2026-03-02
·
Updated
2026-03-06
·
CVE-2026-26700
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
sourcecodester Personnel Property Equipment System version 1.0
Description
The software is susceptible to SQL Injection in the '/ppes/admin/edit employee.php' endpoint. The vulnerability exists due to insufficient input validation when processing data submitted to this endpoint. The vulnerable parameter is not explicitly identified.
Recommendations
Apply appropriate input validation and sanitization techniques to all data submitted to the '/ppes/admin/edit employee.php' endpoint.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Personnel Property Equipment System