CVE-2026-9542

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published May 26, 2026

Vendor unknown

Description

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

References

https://codeastro.com/
https://github.com/wangchaoxing/CVE/issues/8
https://vuldb.com/submit/814866
https://vuldb.com/vuln/365603
https://vuldb.com/vuln/365603/cti