Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2026/03/03 1:48 a.m.5 views

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

9.8CVSS6AI score0.00553EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 12:0 a.m.3 views

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

9.8CVSS6AI score0.00553EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.6 views

Personnel Property Equipment System 安全漏洞

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/advancesearch.php file...

9.8CVSS5.8AI score0.00553EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/02 12:0 a.m.7 views

EUVD-2026-9193

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

6AI score0.00553EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22606

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to a SQL Injection issue. The vulnerability exists in the /ppes/admin/advance search.php file. The vulnerable parameter is not specified...

9.8CVSS6AI score0.00553EPSS
Exploits1References9
CVE
CVE
added 2026/03/02 12:0 a.m.24 views

CVE-2026-26703

CVE-2026-26703 affects sourcecodester Personnel Property Equipment System v1.0. The vulnerability is a SQL Injection in the /ppes/admin/advance_search.php endpoint. CVSS v3.1 metrics indicate a CRITICAL impact (base score 9.8) with NETWORK attack vector, LOW attack complexity, NO privileges requi...

9.8CVSS6AI score0.00553EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/02 12:0 a.m.22 views

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

0.00553EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-24801

Malware in sbrugna...

6.1CVSS6.3AI score0.00895EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.6 views

PT-2025-37477

Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A security flaw exists in Campcodes Online Job Finder System that allows for SQL injection. The issue affects the processing of the /advancesearch.php file. Manipulation of the...

9.8CVSS7.3AI score0.00456EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/04/15 5:0 a.m.26 views

CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score0.00335EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.13 views

CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.8AI score0.00335EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/03/25 12:0 a.m.12 views

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...

6.4AI score0.00335EPSS
Exploits2
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.12 views

WordPress GFireM Advance Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software GFireM Advance Search Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 324100e371c6 Credits Rafie Muhammad Patchstack...

6.4AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress GFireM Advance Search plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress GFireM Advance Search plugin versions = 1.2.2. Solution No patched version available...

4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress GFireM Advance Search plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress GFireM Advance Search plugin versions = 1.2.2. Solution No patched version available...

2.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2021/09/10 2:15 p.m.5 views

CVE-2021-38348

The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2...

6.1CVSS5.8AI score0.00895EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/10 1:32 p.m.26 views

CVE-2021-38348 Advance Search <= 1.1.2 Reflected Cross-Site Scripting

The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2...

6.1CVSS6.2AI score0.00895EPSS
Exploits1References2
CVE
CVE
added 2021/09/10 1:32 p.m.49 views

CVE-2021-38348

The CVE-2021-38348 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Advanced Search plugin (versions up to and including 1.1.2) due to the wpas_id parameter in the file ~/inc/admin/views/html-advance-search-admin-options.php. The underlying issue is a reflecte...

6.1CVSS6AI score0.00895EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1CVSS6.1AI score0.00895EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.19 views

Advance Search < 1.1.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00895EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder