CVE Catalog

CVE-2026-11506

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability has been found in CodeAstro Leave Management System 1.0, affecting an unknown function of the file /admin/search_staff_for_deletion.php. Manipulation of the argument 'Name' leads to SQL injection.

Risk Assessment

Remote exploitation of this vulnerability is possible, posing a risk of unauthorized access to the organization's database. The public disclosure of the exploit increases the likelihood of an attack.

Recommendation

It is recommended to immediately update the system to the latest version to eliminate this vulnerability. Additionally, implementing extra security measures such as input data filtering is advisable.

Original NVD description (English source)

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS