A vulnerability was found in CodeAstro Leave Management System 1.0 and classified as critical . Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php . Such manipulation of the argument Name leads to sql injection. This vulnerability is listed as CVE-2026-11509 . The attack may be performed from remote. There is no available exploit.