480 matches found
CVE-2026-9237
The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13537
The CVE-2026-13537 entry concerns CodeAstro Human Resource Management System (version 1.0). The vulnerability is described as a cross-site request forgery affecting an unspecified function, with a remote attack possibility and public exploit. No explicit root cause details or affected subcomponen...
CVE-2026-13537 CodeAstro Human Resource Management System cross-site request forgery
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2026-40035
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2026-40032
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13535
CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...
CVE-2026-13525
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...
CVE-2026-13525
CodeAstro Human Resource Management System 1.0 contains a SQL injection in Update_Earn_Leave Endpoint, specifically in Employee_model.php emselectByCode via the emid parameter. The vulnerability arises from unsanitized input leading to SQL injection, enabling remote exploitation. Public exploit a...
EUVD-2026-36604
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...
CVE-2026-12131
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...
CVE-2026-12130
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...
CVE-2026-12129
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...
CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...
EUVD-2026-36569
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...
CVE-2026-12130
CodeAstro Human Resource Management System 1.0 is affected in the Projects Management Page (file /Projects/Add_Projects). The vulnerability is a stored/reflected cross-site scripting described as caused by manipulation of the protitle argument. The attack can be launched remotely and an exploit h...
CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...
CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...
PT-2026-48975
Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description A security flaw in the Projects Management Page component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted...