Product
A high-severity SQL injection vulnerability (CVE-2026-15134) in CodeAstro Simple Online Leave Management System 1.0, specifically within the '/SimpleOnlineLeave/index.php' file, allows a remote unauthenticated attacker to execute arbitrary SQL commands by manipulating the 'email' argument, leading to unauthorized database access and data compromise, with a public exploit available.