CVE-2026-14689
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to SQL injection. The exploit has been publicly released.
Risk Assessment
The organization is at risk of unauthorized database access, data leakage, and potential remote takeover of the system.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize input for the apartmentno argument.
Original NVD description (English source)
A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

