SQL Injection Vulnerability in CodeAstro Leave Management System
CVE-2026-11509

5.3MEDIUM

Key Information:

Vendor

Codeastro

Vendor
CVE Published:
8 June 2026

What is CVE-2026-11509?

A notable SQL injection vulnerability exists within the CodeAstro Leave Management System version 1.0, specifically within the /admin/search_staff_for_updation.php file. This vulnerability allows an attacker to manipulate the 'Name' argument, potentially leading to unauthorized access to the database. Such attacks can be executed remotely, emphasizing the need for immediate security measures to safeguard against exploitation.

Affected Version(s)

Leave Management System 1.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SchneiderGrace (VulDB User)
VulDB Vulnerability Moderation Team
.