Personnel Property Equipment System
Monthly
Personnel Property Equipment System has a fourth SQL injection.
Personnel Property Equipment System v1.0 has a third SQL injection.
Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.
Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.
Personnel Property Equipment System v1.0 has SQL injection in admin panel.
Personnel Property Equipment System has a fourth SQL injection.
Personnel Property Equipment System v1.0 has a third SQL injection.
Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.
Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.
Personnel Property Equipment System v1.0 has SQL injection in admin panel.