PT-2026-38655 · Unknown · Codeastro Leave Management System

Yingxiujie · Published 2026-05-08 · Updated 2026-05-10 · CVE-2026-8132

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CodeAstro Leave Management System version 1.0

Description

A weakness in the /login.php file allows for remote SQL injection. This occurs through the manipulation of the txt username argument. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /login.php file or sanitize the txt username input to minimize the risk of exploitation.
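
One way to apply the input-handling part of the recommendation, as an added example that is not CodeAstro's code: a login lookup that binds the username as a query parameter instead of building it into the SQL string. The table layout, the function names and the in-memory SQLite database are assumptions chosen so the example runs offline.

```php
<?php
// Added example; schema and function names are hypothetical, not from the application.

function find_user(PDO $db, string $username): ?array
{
    // The placeholder sends the username as data, so quotes or SQL
    // keywords inside it never become part of the statement.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, $username, $password): bool
{
    // Request parameters can arrive as arrays or be missing; accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    $user = find_user($db, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed demo data in an in-memory SQLite database (assumption for offline use).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulated prepares:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT)]);

var_dump(login($db, 'alice', 'constructed-password')); // valid credentials
var_dump(login($db, "alice'--", 'anything'));          // quote stays literal data
var_dump(login($db, ['alice'], 'anything'));           // non-string input rejected
```

Binding parameters removes the need to escape or filter the username by hand, which is why it is more reliable than ad hoc sanitizing.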

Exploit

SQL injection

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2026-8132

Affected Products

Codeastro Leave Management System