CVE-2026-13525 | HackTesting

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.

Credits

ashikmd7 (VulDB User)

References

https://vuldb.com/vuln/374533

https://vuldb.com/vuln/374533/cti

https://vuldb.com/cve/CVE-2026-13525

https://vuldb.com/submit/840506

https://github.com/ashikmd0507/CVE/tree/main/Time-Based%20Blind%20SQL%20Injection%20in%20Update_Earn_Leave%20via%20emid%20Parameter

https://codeastro.com/