CVE Catalog

CVE-2026-11510

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A security flaw has been discovered in CodeAstro Leave Management System 1.0, affecting an unknown part of the file /admin/add_leave.php. Manipulating the argument type_of_leave results in SQL injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of the organization's database.

Recommendation

It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injections.

Original NVD description (English source)

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS