Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.