CVE-2026-13525 | CodeAstro Human Resource Management System 1.0 Update_Earn_Leave Endpoint Employee_model.php emselectByCode emid sql injection (EUVD-2026-40022)
A vulnerability was found in CodeAstro Human Resource Management System 1.0 and classified as critical. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection.
This vulnerability is reported as CVE-2026-13525. The attack can be launched remotely. Moreover, an exploit is present.