CVE-2026-13535 | CodeAstro Human Resource Management System 1.0 View Endpoint Employee_model.php GetFileInfo ID sql injection

Inserito da Angelo Barbosa | Giu 28, 2026 | CVE

A vulnerability classified as critical was found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection.

This vulnerability is tracked as CVE-2026-13535. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-13535 | CodeAstro Human Resource Management System 1.0 View Endpoint Employee_model.php GetFileInfo ID sql injection

Post correlati

CVE-2024-45373 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE privileges management (icsa-24-268-04)

CVE-2024-49650 | xarbo BuddyPress Greeting Message Plugin up to 1.0.3 on WordPress cross site scripting

CVE-2021-32026 | nats-io nats-server CLI Flag cryptographic issues

CVE-2025-47398 | Qualcomm Snapdragon Auto up to WSA8845H use after free