CVE-2026-11506
MediumCVSS 6.3Summary
A vulnerability has been found in CodeAstro Leave Management System 1.0, affecting an unknown function of the file /admin/search_staff_for_deletion.php. Manipulation of the argument 'Name' leads to SQL injection.
Risk Assessment
Remote exploitation of this vulnerability is possible, posing a risk of unauthorized access to the organization's database. The public disclosure of the exploit increases the likelihood of an attack.
Recommendation
It is recommended to immediately update the system to the latest version to eliminate this vulnerability. Additionally, implementing extra security measures such as input data filtering is advisable.
Original NVD description (English source)
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

