A vulnerability has been found in code-projects Employee Management System 1.0 and classified as critical . Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php . This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-9451 . The attack can be initiated remotely. Additionally, an exploit exists.