5.3
/ 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Description
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
Basic Information
ID
CVE-2026-13525
Source
VulDB
Published
Jun 29, 2026 at 02:00
Affected Product
Vendor
CodeAstro
Product
Human Resource Management System
Version
1.0
Affected Versions
CodeAstro Human Resource Management System 1.0