CVE-2026-11507
MediumCVSS 6.3Summary
A vulnerability was found in CodeAstro Leave Management System 1.0 affecting an unknown function of the file /admin/delete_leave_type.php. Manipulation of the argument leave_type results in SQL injection.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of the database and the confidentiality of user data.
Recommendation
It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injection.
Original NVD description (English source)
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

