31 matches found
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...
Personnel Property Equipment System 安全漏洞
Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/advancesearch.php file...
EUVD-2026-9193
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...
PT-2026-22606
Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to a SQL Injection issue. The vulnerability exists in the /ppes/admin/advance search.php file. The vulnerable parameter is not specified...
CVE-2026-26703
CVE-2026-26703 affects sourcecodester Personnel Property Equipment System v1.0. The vulnerability is a SQL Injection in the /ppes/admin/advance_search.php endpoint. CVSS v3.1 metrics indicate a CRITICAL impact (base score 9.8) with NETWORK attack vector, LOW attack complexity, NO privileges requi...
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...
EUVD-2021-24801
Malware in sbrugna...
PT-2025-37477
Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A security flaw exists in Campcodes Online Job Finder System that allows for SQL injection. The issue affects the processing of the /advancesearch.php file. Manipulation of the...
CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...
WordPress GFireM Advance Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software GFireM Advance Search Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 324100e371c6 Credits Rafie Muhammad Patchstack...
WordPress GFireM Advance Search plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress GFireM Advance Search plugin versions = 1.2.2. Solution No patched version available...
WordPress GFireM Advance Search plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress GFireM Advance Search plugin versions = 1.2.2. Solution No patched version available...
CVE-2021-38348
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2...
CVE-2021-38348 Advance Search <= 1.1.2 Reflected Cross-Site Scripting
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2...
CVE-2021-38348
The CVE-2021-38348 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Advanced Search plugin (versions up to and including 1.1.2) due to the wpas_id parameter in the file ~/inc/admin/views/html-advance-search-admin-options.php. The underlying issue is a reflecte...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Advance Search < 1.1.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...