CVE-2025-56254 — PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the UR — CVE Database · The Intelligence Room