CVE Catalog

CVE-2026-14640

Severity: High (CVSS 7.3)

Summary

A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the /index.php file within the login component. Manipulating the Username argument allows remote attackers to execute unauthorized database queries. The exploit has been made public and could be used.

Risk Assessment

An attacker can gain unauthorized access to the database, leading to potential leakage of sensitive visitor and resident data, as well as possible data modification or deletion.

Recommendation

Immediately implement SQL query parameterization or use prepared statements in the /index.php file. It is also recommended to update the system to the latest version once a patch is released.
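
The recommendation above, sketched as an added example: this is not the CodeAstro source. It contrasts a Username lookup built by string concatenation with the same lookup as a prepared statement. The table, column and function names are hypothetical, and an in-memory SQLite database (PDO) stands in for the application's real database.

```php
<?php
// Added example. Table, column and function names are hypothetical, not taken
// from the CodeAstro source; in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Vulnerable pattern: Username is concatenated into the SQL text, so quote
// characters in the value become part of the query's structure.
function find_user_concatenated(PDO $db, string $username)
{
    $sql = "SELECT id, password_hash FROM admin WHERE username = '$username'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed and Username is bound as a value.
function find_user_prepared(PDO $db, string $username)
{
    $stmt = $db->prepare('SELECT id, password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Login check built on the prepared lookup; the password is verified in PHP
// against a stored hash instead of being compared inside the SQL statement.
function login(PDO $db, string $username, string $password): bool
{
    $row = find_user_prepared($db, $username);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Constructed input: no account has this name, but its quotes alter the
// WHERE clause when the value is concatenated into the statement.
$crafted = "nobody' OR '1'='1";

// Concatenated lookup: the altered WHERE clause matches an existing row.
var_dump(find_user_concatenated($db, $crafted) !== false);
// Prepared lookup: the whole string is compared as a literal username.
var_dump(find_user_prepared($db, $crafted) !== false);
// A legitimate login still succeeds; the crafted username is rejected.
var_dump(login($db, 'admin', 'constructed-sample-pw'));
var_dump(login($db, $crafted, 'anything'));
```

The same binding approach applies with mysqli (`prepare` followed by `bind_param`) if the application uses that driver.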

Original NVD description (English source)

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS