PT-2026-53205 · Codeastro · Human Resource Management System

Ashikmd7

Published

2026-06-29

Updated

2026-06-29

CVE-2026-13535

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-13535

Affected Products

Human Resource Management System

PT-2026-53205 · Codeastro · Human Resource Management System

CVE-2026-13535

Weakness Enumeration

Related Identifiers

Affected Products

References · 7