A vulnerability was found in CodeAstro Simple Online Leave Management System 1.0. It has been classified as critical. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Performing a manipulation of the argument appid results in sql injection.
This vulnerability is reported as CVE-2026-15559. The attack is possible to be carried out remotely. Moreover, an exploit is present.