CodeAstro Leave Management System SQLi (CVE-2026-8132)

The National Vulnerability Database has disclosed CVE-2026-8132, a high-severity SQL injection vulnerability affecting CodeAstro Leave Management System version 1.0. The flaw resides in the /login.php file, within a function that NVD does not name, where the txt_username argument is used to build a database query without adequate sanitisation. The vulnerability is remotely exploitable: an attacker can inject SQL through the login form and potentially compromise the underlying database.

With a CVSSv3.1 score of 7.3 (High), this vulnerability is a serious risk. The attack vector is network-based, requires no privileges or user interaction, and has low complexity, making it trivial for an attacker to execute. The National Vulnerability Database confirms that a public exploit is available, so this is not just theoretical; it is actively weaponizable. Attackers can leverage this to gain unauthorized access, extract sensitive data, or manipulate database records.

For defenders, this is a clear and present danger if CodeAstro Leave Management System is in your environment. The ease of exploitation combined with public exploit availability means scanning and patching are urgent, because attackers will quickly automate scans for this specific login.php vulnerability. Prioritize this patch, or if patching is not immediately possible, remove the system from public-facing networks. This is not a complex RCE, but SQLi can be just as devastating for data integrity and confidentiality, and an injection in the login handler also puts authentication bypass on the table.

What This Means For You

  • If your organization uses CodeAstro Leave Management System 1.0, you are directly exposed to CVE-2026-8132. Immediately identify all instances of this system, verify if they are publicly accessible, and apply patches or isolate them from the internet. Audit logs for suspicious activity on `/login.php` endpoints.

Related ATT&CK Techniques

  • T1190 Exploit Public-Facing Application (Initial Access)

Detection Rules

Three detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; the Sigma YAML of the first is reproduced below.

Rule 1 (level: critical, T1190 Initial Access): SQL Injection in CodeAstro Leave Management login.php - CVE-2026-8132

Sigma YAML
title: SQL Injection in CodeAstro Leave Management login.php - CVE-2026-8132
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
  Detects SQL injection attempts targeting the login.php page of the CodeAstro Leave Management System. Specifically looks for the 'txt_username' parameter being manipulated with common SQLi patterns like ' OR '1'='1', indicating exploitation of CVE-2026-8132.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8132/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains: '/login.php'
    # All three fragments must occur in the same request. Listing the same
    # key three times (as the generated rule did) is a YAML duplicate-key
    # error, and the unquoted '1'='1' did not parse as a scalar.
    cs-uri-query|contains|all:
      - 'txt_username='
      - ' OR '
      - "'1'='1'"
  condition: selection
falsepositives:
  - Legitimate administrative activity

Two caveats for anyone deploying this rule. If the login form submits credentials in a POST body, a web-server access log records only the URI and query string, so the rule will see GET-style probes but not the form submission itself; pair it with a WAF or application log that captures request bodies. Second, payloads arrive percent-encoded (a space as %20 or +, a quote as %27), so the log pipeline must decode cs-uri-query before the contains match, or the literal fragments above will never be seen.
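The following is an added example, not part of the original advisory or the Sigma rule above: it applies the rule's selection logic to constructed access-log lines, decoding the query string first so that percent-encoded probes are caught. The log layout (date, time, method, URI, query, status) and all sample lines are assumptions constructed for the demonstration.

```python
"""Apply the CVE-2026-8132 Sigma selection to constructed access-log lines."""
from urllib.parse import unquote_plus

# Fragments taken from the Sigma rule: all three must appear in one request.
URI_FRAGMENT = "/login.php"
QUERY_FRAGMENTS = ("txt_username=", " OR ", "'1'='1'")


def parse_line(line: str) -> dict:
    """Split a constructed log line into the fields the rule refers to.

    Layout assumed here: date time method uri query status, with '-' for an
    empty query. Field names mirror the rule (cs-uri holds the path).
    """
    date, time, method, uri, query, status = line.split(maxsplit=5)
    return {"cs-method": method, "cs-uri": uri,
            "cs-uri-query": "" if query == "-" else query,
            "sc-status": status}


def matches_rule(fields: dict) -> bool:
    """True when the request satisfies the rule's selection block.

    The query is percent-decoded first: ' OR '1'='1' travels as
    %27+OR+%271%27%3D%271%27, so a contains-match on the raw field would
    miss it. Sigma 'contains' is case-insensitive, so compare upper-cased.
    """
    if URI_FRAGMENT not in fields["cs-uri"]:
        return False
    query = unquote_plus(fields["cs-uri-query"]).upper()
    return all(frag.upper() in query for frag in QUERY_FRAGMENTS)


def scan(lines):
    """Yield the parsed fields of every line the rule would alert on."""
    for line in lines:
        fields = parse_line(line)
        if matches_rule(fields):
            yield fields


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    "2026-05-08 07:16:01 GET /login.php - 200",
    "2026-05-08 07:16:02 GET /login.php txt_username=alice&txt_password=x 302",
    "2026-05-08 07:16:03 GET /login.php txt_username=%27+OR+%271%27%3D%271%27+--+&txt_password=x 200",
    "2026-05-08 07:16:04 GET /index.php q=%27+OR+%271%27%3D%271%27 200",
    # A POST carries the form in the body, which the access log does not record.
    "2026-05-08 07:16:05 POST /login.php - 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT CVE-2026-8132 probe:", hit["cs-uri"], hit["cs-uri-query"])
```

Only the third sample line fires; the POST on the last line shows the blind spot the caveat above describes.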

Source: Shimi's Cyber World

Indicators of Compromise

ID             Type  Indicator
CVE-2026-8132  SQLi  CodeAstro Leave Management System 1.0
CVE-2026-8132  SQLi  Vulnerable file: /login.php
CVE-2026-8132  SQLi  Vulnerable parameter: txt_username

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 08, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
