CVE-2026-14766
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/search-result.php. An attacker can remotely manipulate the searchdata argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The organization is at risk of unauthorized database access, leakage of visitor data, and potential system takeover.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize input data for the searchdata parameter.
Original NVD description (English source)
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

