A vulnerability has been found in CodeAstro Leave Management System 1.0 and classified as critical . Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php . This manipulation of the argument Name causes sql injection. This vulnerability is tracked as CVE-2026-11508 . The attack is possible to be carried out remotely. Moreover, an exploit is present.