Online Leave Management System is an online leave management system. SQL injection vulnerability exists in Online Leave Management System v1.0, which originates in /leave_system/classes/Master.php?f=delete_ application lacks validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.