PT-2026-1294 · Unknown · Employee Leaves Management System
Published
2026-01-05
·
Updated
2026-01-30
·
CVE-2025-67315
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Employee Leave Management System version 2.1
Description
A Cross Site Request Forgery issue exists in Employee Leave Management System version 2.1. This allows a remote attacker to escalate privileges through the
manage-employee.php component. The attack exploits a lack of proper request validation, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge.Recommendations
Employee Leave Management System version 2.1 should be updated to a version with appropriate CSRF protections. As a temporary workaround, consider implementing additional validation checks on all requests to the
manage-employee.php component.Exploit
Fix
LPE
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Employee Leaves Management System