CVE-2026-11506

EUVD-2026-35042
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Common Weakness Enumeration
References
https://codeastro.com/
https://github.com/jimages/PoC/issues/1
https://vuldb.com/cve/CVE-2026-11506
https://vuldb.com/submit/835731
https://vuldb.com/vuln/369126
https://vuldb.com/vuln/369126/cti