Is CVE-2026-13525 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-13525?

CVE-2026-13525 has a CVSS v3 severity of MEDIUM (6.3).

Back

CVE-2026-13525

Description

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.