Lucene search
K

28 matches found

Exploit DB
Exploit DB
added 2025/12/16 12:0 a.m.176 views

Summar Employee Portal 3.98.0 - Authenticated SQL Injection

Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.summar.es/ Software Link: https://www.summar.es/software-recursos-humano...

8.7CVSS7AI score0.00588EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.5 views

CVE-2025-61075

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...

8.1CVSS7AI score0.00454EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.11 views

CVE-2025-12093

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 7:16 a.m.6 views

CVE-2025-12093

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 6:7 a.m.7 views

EUVD-2025-201356

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS5AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 6:7 a.m.4 views

CVE-2025-12093 Voidek Employee Portal <= 1.0.6 - Missing Authorization

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS5.1AI score0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 6:7 a.m.32 views

CVE-2025-12093 Voidek Employee Portal <= 1.0.7 - Missing Authorization

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 6:7 a.m.22 views

CVE-2025-12093

CVE-2025-12093 (Voidek Employee Portal, WordPress) The vulnerability is a missing capability check in several AJAX actions, allowing unauthenticated users to perform account-related actions (register, delete users, modify details) in all versions up to 1.0.6. Wordfence notes the issue in the Void...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.10 views

PT-2025-49223

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.5 views

WordPress plugin Voidek Employee Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.5AI score0.00236EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/04 11:4 p.m.6 views

WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...

5.3CVSS6.7AI score0.00236EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46848

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00637EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/09/23 12:0 a.m.189 views

📄 Summer Employee Portal SQL Injection

Summer Employee Portal versions prior to 3.98.0 suffer from an authenticated remote SQL injection vulnerability. Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677 Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author:...

8.7CVSS7.9AI score0.00588EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/09/22 8:2 a.m.182 views

Exploit for CVE-2025-40677

Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenti...

8.7CVSS8.4AI score0.00588EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/09/20 12:32 p.m.7 views

CVE-2025-40678

Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntfabsentismo.aspx”...

5.3CVSS7AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.5 views

Summar Portal del Empleado SQL注入漏洞

Summar Portal del Empleado is an employee portal system from Summar Spain. Summar Portal del Empleado suffers from an SQL injection vulnerability that stems from incorrect manipulation of the parameter ctl00$ContentPlaceHolder1$filtroNombre in the file /MemberPages/quienesquien.aspx, which could...

8.7CVSS7.5AI score0.00588EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 p.m.5 views

CVE-2022-43216

AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page...

9.1CVSS8.3AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:39 a.m.5 views

CVE-2024-5675

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...

10CVSS7.6AI score0.00637EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 1:15 p.m.22 views

CVE-2024-5675

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...

10CVSS9.7AI score0.00637EPSS
Exploits0References1
OSV
OSV
added 2024/06/06 1:15 p.m.2 views

CVE-2024-5675

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...

9.8CVSS6AI score0.00637EPSS
Exploits0References1
Rows per page
Query Builder