CVE-2026-11507

Name of the Vulnerable Software and Affected Versions CodeAstro Leave Management System version 1.0

Description An issue exists in the /admin/delete leave type.php file where the manipulation of the leave type argument allows for SQL injection, which is a technique used to execute malicious SQL statements that control a database server. This attack can be performed remotely.

Recommendations As a temporary workaround, restrict access to the /admin/delete leave type.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.