CVE Catalog

CVE-2026-11508

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in CodeAstro Leave Management System version 1.0, affecting an unknown functionality of the file /admin/search_staff_to_assign_pc.php. Manipulation of the argument 'Name' leads to SQL injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a risk of unauthorized access to the database and data leakage.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent SQL injection.

Original NVD description (English source)

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS