SQL Injection Vulnerability in CodeAstro Apartment Visitor Management System
CVE-2026-14795
Key Information:
- Vendor
Codeastro
- Vendor
- CVE Published:
- 6 July 2026
Badges
What is CVE-2026-14795?
A SQL injection vulnerability exists in the CodeAstro Apartment Visitor Management System version 1.0. The issue arises from improper validation of input within the '/apartment-visitor/action-visitor.php' file, specifically in the argument 'remark'. This flaw allows an attacker to manipulate SQL queries through controlled input, enabling potential unauthorized access to the database. As the exploit has been publicly disclosed, it poses a significant risk if unaddressed, facilitating remote attacks that could compromise sensitive information.
Affected Version(s)
Apartment Visitor Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
