CVE Catalog

CVE-2026-11558

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability has been detected in CodeAstro Payroll System 1.0 that allows SQL injection through manipulation of the rate/salary_rate argument in the /home_salary.php file. The attack can be executed remotely.

Risk Assessment

This vulnerability poses a serious risk to data security as it allows remote attackers to access the database and potentially exfiltrate information.

Recommendation

It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injection attacks.

Original NVD description (English source)

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS