CVE Catalog

CVE-2026-14766

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

11th percentile — higher than 11% of all known CVEs

Summary

A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/search-result.php. An attacker can remotely manipulate the searchdata argument, leading to SQL injection. The exploit is publicly available.

Risk Assessment

The organization is at risk of unauthorized database access, leakage of visitor data, and potential system takeover.

Recommendation

Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize input data for the searchdata parameter.

Original NVD description (English source)

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS