A vulnerability classified as critical was found in CodeAstro Human Resource Management System 1.0 . This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint . Executing a manipulation of the argument ID can lead to sql injection. This vulnerability is tracked as CVE-2026-13535 . The attack can be launched remotely. Moreover, an exploit is present.