PT-2025-39784 · Codeastro · Codeastro Online Leave Application

Shishengjiu

Publicado

2025-09-28

Atualizado

2025-09-28

CVE-2025-11113

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CodeAstro Online Leave Application version 1.0

Description A flaw exists in CodeAstro Online Leave Application version 1.0 that allows for SQL injection. The issue is located in the /signup.php file, specifically through manipulation of the city argument. This can be initiated remotely. The exploit is publicly available. Other parameters may also be affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-11113

Produtos afetados

Codeastro Online Leave Application

PT-2025-39784 · Codeastro · Codeastro Online Leave Application

CVE-2025-11113

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11