A vulnerability was found in CodeAstro Human Resource Management System 1.0 . It has been rated as critical . This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module . This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-12131 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.