A vulnerability was found in CodeAstro Human Resource Management System 1.0 and classified as critical . This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint . The manipulation of the argument emid results in sql injection. This vulnerability is reported as CVE-2026-13525 . The attack can be launched remotely. Moreover, an exploit is present.