CNNVD-202601-1386 Information

Jan 08, 2026 cve

CNNVD ID

CNNVD-202601-1386

CVE-2026-0730

CNNVD Published: 2026-01-08

Description (Chinese)

PHPGurukul Staff Leave Management System是PHPGurukul公司的一个员工休假管理系统。 PHPGurukul Staff Leave Management System 1.0版本存在代码注入漏洞，该漏洞源于对文件/staffleave/slms/slms/adminviews.py中参数profile_pic的错误操作，可能导致跨站脚本攻击。

Description (English)

PHPGurukul Staff Leave Management System is an employee leave management system for PHPGurukul. Version 1.0 of PHPGurukul Staff Leave Management System has a code-infusion loophole, which stems from an error in the operation of the parameters for document/staffleave/slms/slms/adminviews.py, which could result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

PHPGurukul

Published

2026-01-08

Last Modified

2026-02-24

References

https://vuldb.com/?submit.733160 https://github.com/rsecroot/Staff-Leave-Management-System/blob/main/Cross%20Site%20Scripting.md https://vuldb.com/?ctiid.340127 https://phpgurukul.com/ https://vuldb.com/?id.340127 https://access.redhat.com/security/cve/cve-2026-0730

Share on: