28 matches found
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.summar.es/ Software Link: https://www.summar.es/software-recursos-humano...
CVE-2025-61075
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...
CVE-2025-12093
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
CVE-2025-12093
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
EUVD-2025-201356
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
CVE-2025-12093 Voidek Employee Portal <= 1.0.6 - Missing Authorization
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
CVE-2025-12093 Voidek Employee Portal <= 1.0.7 - Missing Authorization
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
CVE-2025-12093
CVE-2025-12093 (Voidek Employee Portal, WordPress) The vulnerability is a missing capability check in several AJAX actions, allowing unauthenticated users to perform account-related actions (register, delete users, modify details) in all versions up to 1.0.6. Wordfence notes the issue in the Void...
PT-2025-49223
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
WordPress plugin Voidek Employee Portal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...
EUVD-2024-46848
Malicious code in bioql PyPI...
📄 Summer Employee Portal SQL Injection
Summer Employee Portal versions prior to 3.98.0 suffer from an authenticated remote SQL injection vulnerability. Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677 Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author:...
Exploit for CVE-2025-40677
Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenti...
CVE-2025-40678
Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntfabsentismo.aspx”...
Summar Portal del Empleado SQL注入漏洞
Summar Portal del Empleado is an employee portal system from Summar Spain. Summar Portal del Empleado suffers from an SQL injection vulnerability that stems from incorrect manipulation of the parameter ctl00$ContentPlaceHolder1$filtroNombre in the file /MemberPages/quienesquien.aspx, which could...
CVE-2022-43216
AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page...
CVE-2024-5675
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...
CVE-2024-5675
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...
CVE-2024-5675
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field...