A vulnerability, which was classified as critical , has been found in CodeAstro Leave Management System 1.0 . This impacts an unknown function of the file /admin/search_staff_for_deletion.php . The manipulation of the argument Name leads to sql injection. This vulnerability is referenced as CVE-2026-11506 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.