PT-2026-45853
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management version 1.0 Description: An issue exists in the Employee View Page component within the '/detailview.php' endpoint. Remote manipulation of the employeeid argument leads to improper control of resource...
CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
CVE-2026-5798 Unsafe Object Reference (IDOR) vulnerability in Stel Order
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
STEL Order Security Vulnerability
STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a security vulnerability. This vulnerability stemmed from improper handling of the employeeID parameter,...
PT-2026-40913
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
EUVD-2026-19466
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument empid causes SQL injection. The attack can be carried out remotely. The explo...
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument empid causes SQL injection. The attack can be carried out remotely. The explo...
CVE-2026-33730
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
EUVD-2026-16509
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
Horilla Access Control Vulnerability
Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla from 1.4.0 to 1.5.0 contained an access control vulnerability. This vulnerability stemmed from insufficient validation of the employeeid parameter on the server side, allowing any authenticate...
CVE-2025-14568
CVE-2025-14568 affects haxxorsid Stock-Management-System (fbbbf213e9c93b87183a3891f77e3cc7095f22b0) with a SQL injection in the file model/User.php. The vulnerability arises from manipulation of the arguments employee_id, id, or admin, enabling remote exploitation. Public disclosure is noted,...
EUVD-2025-26308
Malicious code in bioql PyPI...
User Enumeration
prestashop/prestashop is vulnerable to User Enumeration. The vulnerability is due to insufficient validation of the idemployee and resettoken parameters due to the back-office accepting manipulated values without proper authentication or checks; an unauthenticated attacker can craft requests to t...
CVE-2025-9743
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file loginattendance2.php. Manipulation of the argument employeeid/date results in SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-9743
CVE-2025-9743 affects code-projects Human Resource Integrated System 1.0. The vulnerability is a SQL injection in the file login_attendance2.php, triggered by manipulating the arguments employee_id/date. It is exploitable remotely and an exploit has been publicly released, with multiple sources c...
CVE-2025-9733
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /logintimeee.php. Manipulation of the argument empid results in SQL injection. The attack may be initiated remotely. The exploit has been released to...
PT-2025-35424
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A security flaw exists in code-projects Human Resource Integrated System version 1.0. The issue involves a SQL injection affecting an unknown function within the login...
Code-Projects Human Resource Integrated System Security Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter employeeid/date in the file loginattendance2.php. A...
CVE-2025-57761
WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependenteremover.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...