86Xx

**Name of the Vulnerable Software and Affected Versions** Simple Leave Manager version 1.0 **Description** A SQL injection issue exists in the Simple Leave Manager 1.0 application. The flaw is located in the `/user.php` file and stems from improper handling of user-supplied input within the argument table, allowing manipulation of SQL queries. Remote exploitation is possible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.