SQL Injection Vulnerability in CodeAstro Apartment Visitor Management System
CVE-2026-14796
Key Information:
- Vendor
Codeastro
- Vendor
- CVE Published:
- 6 July 2026
Badges
What is CVE-2026-14796?
A vulnerability in CodeAstro's Apartment Visitor Management System version 1.0 has been identified, allowing for SQL injection attacks via the manipulation of the 'fromdate' argument in the report.php file. This flaw could enable attackers to execute arbitrary SQL queries on the database, potentially leading to unauthorized data access. The vulnerability can be exploited remotely, raising significant security concerns. Publicly available exploit code further highlights the urgency for users to apply security measures.
Affected Version(s)
Apartment Visitor Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
