All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-13525
LOWpublished 2026-06-29 03:16 UTC · 14 hours ago
2.1
CVSS / 10
// description
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
// weaknesses (CWE)
- CWE-74
- CWE-89