CodeAstro Leave Management System search_staff_for_updation.php sql injection
CVE-2026-11509

5.3MEDIUM

Key Information:

Vendor: Codeastro
Status: Leave Management System
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-11509?

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.

Affected Version(s)

Leave Management System 1.0

References

https://vuldb.com/vuln/369129

vdb-entrytechnical-description

https://vuldb.com/vuln/369129/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-11509

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
Jun 7, 2026

Credit

SchneiderGrace (VulDB User)

VulDB Vulnerability Moderation Team

CVE-2026-11509 Data

JSON