Remote SQL Injection Vulnerability in CodeAstro Leave Management System
CVE-2026-11508
Key Information:
- Vendor
Codeastro
- Status
- Vendor
- CVE Published:
- 8 June 2026
Badges
What is CVE-2026-11508?
A vulnerability exists in the CodeAstro Leave Management System version 1.0, specifically within the functionality of the /admin/search_staff_to_assign_pc.php file. This flaw allows an attacker to manipulate the 'Name' argument, enabling SQL injection attacks that can be executed remotely. As the exploit has been publicly disclosed, it poses a significant risk to users if not addressed. It is crucial for organizations using this software to implement the necessary security patches and protective measures.
Affected Version(s)
Leave Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
