SQL Injection Vulnerability in CodeAstro Apartment Visitor Management System
CVE-2026-14640
Key Information:
- Vendor
Codeastro
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14640?
A SQL injection vulnerability exists in the Login component of the CodeAstro Apartment Visitor Management System version 1.0. This issue arises due to improper sanitization of the 'Username' parameter in the /index.php file. Attackers can exploit this vulnerability to execute remote SQL queries, potentially leading to unauthorized access to sensitive data. Given that the exploit has been made public, it poses significant risks to users of the affected version. Immediate updates and mitigation strategies are advised to protect against potential attacks.
Affected Version(s)
Apartment Visitor Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
