PatchSiren cyber security CVE debrief
CVE-2026-11506 CodeAstro CVE debrief
A SQL injection vulnerability has been discovered in CodeAstro Leave Management System 1.0. It affects an unknown function of the file /admin/search_staff_for_deletion.php, where manipulation of the argument Name leads to SQL injection. The vulnerability can be exploited remotely. The exploit has been disclosed to the public and may be used.
- Vendor: CodeAstro
- Product: Leave Management System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Administrators and users of CodeAstro Leave Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and a severity of LOW. It is classified as CWE-74 and CWE-89.
Defensive priority
LOW
Recommended defensive actions
- Update to the latest version of CodeAstro Leave Management System, if available.
- Implement input validation and sanitization for user input.
- Use prepared statements to prevent SQL injection attacks.
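As an added illustration of the last two actions (not CodeAstro's code and not the actual contents of search_staff_for_deletion.php), the following shows a staff lookup by the Name parameter written the vulnerable way, next to the same lookup with input validation and a mysqli prepared statement. The table and column names (staff, name), the database credentials and the name policy are assumptions.

```php
<?php
// Added illustration; not the project's own code. Table/column names are assumed.

// Vulnerable pattern: the request value is spliced into the SQL text, so the
// database cannot tell user data apart from query structure (CWE-89).
function findStaffUnsafe(mysqli $db, string $name): array
{
    $sql = "SELECT id, name FROM staff WHERE name LIKE '%" . $name . "%'";
    $rows = [];
    foreach ($db->query($sql) as $row) {
        $rows[] = $row;
    }
    return $rows;
}

// Hardened form: check the shape of the input, then bind it as a parameter so
// the driver always sends it as a value, never as part of the SQL statement.
function findStaffSafe(mysqli $db, string $name): array
{
    // Assumed policy: letters, spaces, dots, hyphens and apostrophes, max 64 chars.
    // The apostrophe is allowed on purpose (O'Brien): the prepared statement,
    // not the validation, is what keeps it from altering the query.
    if ($name === '' || strlen($name) > 64 || !preg_match('/^[\p{L} .\'-]+$/u', $name)) {
        throw new InvalidArgumentException('Invalid staff name');
    }
    $stmt = $db->prepare("SELECT id, name FROM staff WHERE name LIKE CONCAT('%', ?, '%')");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Hypothetical request-handler wiring for a search endpoint like the one named in the advisory.
$db = new mysqli('localhost', 'app_user', 'app_password', 'leave_db');  // assumed credentials
$db->set_charset('utf8mb4');
try {
    $matches = findStaffSafe($db, $_GET['Name'] ?? '');
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Invalid request');
}
header('Content-Type: application/json');
echo json_encode($matches);
```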
Evidence notes
The vendor is currently unknown, but evidence suggests that the product is related to CodeAstro.
Official resources
CVE-2026-11506 was published on 2026-06-08T12:16:30.917Z and modified on 2026-06-08T14:57:14.757Z.