CVE-2021-40595
Affected software: SourceCodester Online Leave Management System v1. The CVE-2021-40595 issue is a SQL injection in the login flow: the username parameter sent to /leave_system/classes/Login.php can be used to execute arbitrary SQL commands. Root cause described as insufficient filtering/escaping...