Description
A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Performing a manipulation of the argument appid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Problem types
Product status
Timeline
| 2026-07-13: | Advisory disclosed |
| 2026-07-13: | VulDB entry created |
| 2026-07-13: | VulDB entry last update |
Credits
cshwswwsshd99 (VulDB User)
References
vuldb.com/vuln/377908 (VDB-377908 | CodeAstro Simple Online Leave Management System POST accept.php sql injection)
vuldb.com/vuln/377908/cti (VDB-377908 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-15559 (CVE-2026-15559 | CVE Analysis and Report)
vuldb.com/submit/855189 (Submit #855189 | codeastro Simple Online Leave Management System V1.0 SQL Injection)
github.com/sl1der-fr0g/Findings/issues/3
codeastro.com/