CVE-2026-14640
High (CVSS 7.3)
Summary
A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the /index.php file within the login component. Manipulating the Username argument allows remote attackers to execute unauthorized database queries. The exploit has been made public and could be used.
Risk Assessment
An attacker can gain unauthorized access to the database, leading to potential leakage of sensitive visitor and resident data, as well as possible data modification or deletion.
Recommendation
Immediately implement SQL query parameterization or use prepared statements in the /index.php file. It is also recommended to update the system to the latest version once a patch is released.
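The sketch below shows the recommended change on a hypothetical login lookup. It is an added example, not code from the CodeAstro project: the source of /index.php is not shown on this page, so the table, column and function names are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Constructed fixture: one account in an in-memory database (names are hypothetical).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Pattern to remove: the Username value is pasted into the SQL text,
// so any quote character in it changes the structure of the query.
function findUserConcatenated(PDO $pdo, string $username): array|false
{
    $sql = "SELECT id, password_hash FROM admins WHERE username = '$username'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Replacement: the SQL text is fixed and the Username value is bound as a
// parameter, so the database only ever treats it as data.
function findUserPrepared(PDO $pdo, string $username): array|false
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admins WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Login built on the prepared lookup; the password is checked against a
// stored hash in PHP rather than compared inside the SQL statement.
function login(PDO $pdo, string $username, string $password): bool
{
    $row = findUserPrepared($pdo, $username);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Regression check with a constructed username that contains a quote character.
$probe = "o'neil";
try {
    findUserConcatenated($pdo, $probe);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    echo "concatenated: input altered the SQL text (" . $e->getMessage() . ")\n";
}
echo 'prepared: ', findUserPrepared($pdo, $probe) === false ? "no such user\n" : "row found\n";
echo 'login: ', login($pdo, 'admin', 'constructed-sample-password') ? "accepted\n" : "rejected\n";
```

A test that sends a username containing a quote character and expects a clean "no such user" result can be kept as a regression check after the fix is deployed.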
Original NVD description (English source)
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

