PatchSiren cyber security CVE debrief
CVE-2026-11558 CodeAstro CVE debrief
A SQL injection vulnerability has been detected in CodeAstro Payroll System 1.0. The affected element is an unknown function in the file /home_salary.php. Manipulating the argument rate/salary_rate leads to SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
- Vendor: CodeAstro
- Product: Payroll System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Users of CodeAstro Payroll System 1.0
Technical summary
The vulnerability is caused by improper input validation in the /home_salary.php file, allowing an attacker to inject malicious SQL code through the rate/salary_rate argument.
Defensive priority
Low
Recommended defensive actions
- Update to the latest version of CodeAstro Payroll System, if available.
- Implement input validation and sanitization for user input in the /home_salary.php file.
- Use prepared statements with parameterized queries to prevent SQL injection.
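The two code-level actions above (validate the input, then bind it as a parameter), sketched in PHP as an added example. This is not CodeAstro's code: the `salary` table, its columns, the UPDATE statement and the function names are assumptions, because the page does not show the contents of /home_salary.php. An in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the application's database so this runs offline.
// Table and column names are hypothetical; the page does not show the real schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE salary (id INTEGER PRIMARY KEY, salary_rate NUMERIC NOT NULL)');
$pdo->exec('INSERT INTO salary (id, salary_rate) VALUES (1, 100.00), (2, 100.00)');

// Allow-list check: a plain non-negative decimal, at most two fraction digits.
function parseRate(mixed $raw): ?string
{
    $ok = is_string($raw) && preg_match('/\A\d{1,7}(\.\d{1,2})?\z/', $raw) === 1;
    return $ok ? $raw : null;
}

// Returns true only when validation passes and exactly one row was updated.
function updateRate(PDO $pdo, mixed $rawId, mixed $rawRate): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rate = parseRate($rawRate);
    if ($id === false || $rate === null) {
        return false; // rejected before any SQL is built
    }
    // Placeholders keep the values out of the SQL text, so they cannot change the query.
    $stmt = $pdo->prepare('UPDATE salary SET salary_rate = :rate WHERE id = :id');
    $stmt->bindValue(':rate', $rate, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for request parameters.
$cases = [
    ['1', '125.50'],          // well-formed
    ['1', '125.50, id = 99'], // SQL text appended to the rate field
    ['1 OR 1=1', '0'],        // SQL text appended to the id field
    ['2', ['125.50']],        // array instead of scalar (rate[]=...)
];
foreach ($cases as [$id, $rate]) {
    $result = updateRate($pdo, $id, $rate) ? 'updated' : 'rejected';
    echo json_encode([$id, $rate]), ' => ', $result, PHP_EOL;
}
// Row 2 must be untouched: only the first case may have written anything.
$rows = $pdo->query('SELECT id, salary_rate FROM salary ORDER BY id')->fetchAll(PDO::FETCH_NUM);
echo json_encode($rows), PHP_EOL;
```

The validation and the bound parameters are independent layers: the allow-list rejects malformed values early, and the placeholders ensure that any value that does reach the database is handled as data.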
Evidence notes
The vendor and product information is not confirmed, but there is a reference to Codeastro.
Official resources
CVE-2026-11558 was published on 2026-06-08T19:16:41.880Z and modified on 2026-06-09T01:32:36.950Z.