Jimages123

**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** SQL injection is possible via the manipulation of the `Name` argument in the '/admin/search staff for deletion.php' endpoint. This allows for remote exploitation. **Recommendations** Update CodeAstro Leave Management System to a version newer than 1.0. As a temporary workaround, restrict access to the '/admin/search staff for deletion.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** An issue exists in the `/admin/delete leave type.php` file where the manipulation of the `leave type` argument allows for SQL injection, which is a technique used to execute malicious SQL statements that control a database server. This attack can be performed remotely. **Recommendations** As a temporary workaround, restrict access to the `/admin/delete leave type.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.