CVE-2026-11508

CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-89

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

CodeAstro · Leave Management System

public PoCs found — 1

cve_referencegithub.com/Andelstander/cve/issues/6unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://codeastro.com/https://github.com/Andelstander/cve/issues/6 https://vuldb.com/cve/CVE-2026-11508 https://vuldb.com/submit/836786 https://vuldb.com/vuln/369128 https://vuldb.com/vuln/369128/cti