PT-2026-57808 · Codeastro · Simple Online Leave Management System
Cshwswwsshd99
·
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-15558
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CodeAstro Simple Online Leave Management System version 1.0
Description
Remote SQL injection is possible due to improper handling of the
ID variable in the '/SimpleOnlineLeave/admin/deletemp.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.Recommendations
Update CodeAstro Simple Online Leave Management System version 1.0 to a patched version.
As a temporary mitigation, restrict access to the '/SimpleOnlineLeave/admin/deletemp.php' endpoint.
Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple Online Leave Management System