18 matches found
CVE-2026-15523
CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...
EUVD-2026-43265
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
CVE-2026-15134
CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...
CVE-2026-11510
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2026-11508
CodeAstro Leave Management System 1.0 contains a SQL injection in /admin/search_staff_to_assign_pc.php via manipulation of the Name parameter. The vulnerability is exploitable remotely, with exploit information publicly disclosed and proof-of-concept activity indicated by CVSS/ExploitMaturity dat...
CVE-2026-5326 SourceCodester Leave Application System User Information index.php authorization
A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...
EUVD-2026-1658
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...
CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...
CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...
CVE-2026-0730
PHPGurukul Staff Leave Management System 1.0 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically the ADD_STAFF/UPDATE_STAFF function in /staffleave/slms/slms/adminviews.py. Manipulating the profile_pic argument can trigger XSS, with remote exploitation report...
CVE-2025-67315
...
Projectworlds Leave Management System Project SQL Injection Vulnerability
Projectworlds Leave Management System Project is a leave management system project by Projectworlds India. A SQL injection vulnerability exists in Projectworlds Leave Management System Project v1.0, which stems from the "setearnleave" parameter of admin/setleaves.php not validating incoming...
PT-2023-29568 · Unknown · Jorani Leave Management System
Name of the Vulnerable Software and Affected Versions: Jorani Leave Management System version 1.0.3 Description: The issue allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. This can potentially lead to malicious...
Online Leave Management System 代码问题漏洞
Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a file upload vulnerability found in /leavesystem/classes/SystemSettings.php?f=updatesettings. An attacker could exploi...
CVE-2022-40928
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leavesystem/classes/Master.php?f=deleteapplication...
Online Leave Management System SQL注入漏洞
Online Leave Management System is an online leave management system. SQL injection vulnerability exists in Online Leave Management System v1.0, which originates from /leavesystem/classes/Master.php?f=delete leavetype lacks validation for external input SQL statements. An attacker could use this...
CVE-2022-3121
A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be...
SQL Injection Vulnerability in Appform for Leave System
Qixing Leave System includes leave, overtime, approval, annual leave, transfer, work calendar and report modules. SQL injection vulnerability exists in the Leave System Appform, which can be exploited by attackers to obtain sensitive information from the database...