Vendor
A SQL injection vulnerability (CVE-2026-8132) exists in CodeAstro Leave Management System 1.0 via manipulation of the txt_username parameter in /login.php, enabling remote exploitation and potential database compromise.