PT-2026-57810 · Codeastro · Simple Online Leave Management System

Cshwswwsshd99

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-15559

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions CodeAstro Simple Online Leave Management System version 1.0
Description Remote SQL injection is possible via the POST Handler component in the '/SimpleOnlineLeave/admin/accept.php' endpoint. The issue occurs when the appid argument is manipulated, allowing an attacker to execute arbitrary SQL commands.
Recommendations Update CodeAstro Simple Online Leave Management System version 1.0. As a temporary mitigation, restrict access to the '/SimpleOnlineLeave/admin/accept.php' endpoint or avoid using the appid parameter until a patch is applied.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15559

Affected Products

Simple Online Leave Management System