CVE-2026-11510

Description

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

References

• https://codeastro.com/
• https://github.com/Andelstander/cve/issues/3
• https://vuldb.com/cve/CVE-2026-11510
• https://vuldb.com/submit/836789
• https://vuldb.com/vuln/369130