CVE-2026-11558
MediumCVSS 6.3Summary
A vulnerability has been detected in CodeAstro Payroll System 1.0 that allows SQL injection through manipulation of the rate/salary_rate argument in the /home_salary.php file. The attack can be executed remotely.
Risk Assessment
This vulnerability poses a serious risk to data security as it allows remote attackers to access the database and potentially exfiltrate information.
Recommendation
It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injection attacks.
Original NVD description (English source)
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

