PT-2026-43247 · Unknown · Codeastro Leave Management System
Wangchaoxing · Published 2026-05-26 · Updated 2026-05-26
CVE-2026-9542
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
CodeAstro Leave Management System version 1.0
Description
A weakness in the file '/admin/add staff.php' allows for remote SQL injection. This occurs when the email id argument is manipulated, enabling an attacker to interfere with the application's database queries.
Recommendations
Update CodeAstro Leave Management System to a version newer than 1.0.
As a temporary workaround, restrict access to the '/admin/add staff.php' file or avoid using the email id parameter until a patch is applied.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Codeastro Leave Management System