CVE-2026-11509
Description
SQL injection vulnerability in CodeAstro Leave Management System 1.0's search_staff_for_updation.php allows remote attackers to manipulate the Name argument.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in CodeAstro Leave Management System version 1.0, in the file /admin/search_staff_for_updation.php. Manipulating the Name argument can lead to SQL injection.
Exploitation
An attacker can exploit this vulnerability remotely by manipulating the Name argument in the /admin/search_staff_for_updation.php file. No specific authentication or user interaction requirements are mentioned in the available references.
Impact
Successful exploitation of this vulnerability allows an attacker to perform SQL injection, which could lead to unauthorized access to or modification of sensitive data within the system. The exact scope and privilege level of the compromise are not detailed in the available references.
Mitigation
Not yet disclosed in the available references. The vendor's website [1] lists various projects but does not provide specific details or patches for this vulnerability.
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: = 1.0
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (5)
News mentions (1)
- Codeastro: Seven SQLi and XSS Vulnerabilities Disclosed Together · Vypr Intelligence · Jun 8, 2026