A vulnerability was found in CodeAstro Leave Management System 1.0 . It has been classified as critical . This affects an unknown part of the file /admin/add_leave.php . Performing a manipulation of the argument type_of_leave results in sql injection. This vulnerability is cataloged as CVE-2026-11510 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.