CVE-2026-11510
MediumCVSS 6.3Summary
A security flaw has been discovered in CodeAstro Leave Management System 1.0, affecting an unknown part of the file /admin/add_leave.php. Manipulating the argument type_of_leave results in SQL injection.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of the organization's database.
Recommendation
It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injections.
Original NVD description (English source)
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

