SQL Injection Vulnerability in Apartment Visitors Management System by PHP Gurukul
CVE-2026-39109

9.4CRITICAL

Key Information:

Vendor

PHP Gurukul

Status
Apartment Visitors Management System
Vendor
CVE Published:
20 April 2026

What is CVE-2026-39109?

The Apartment Visitors Management System Version 1.1 is susceptible to a SQL Injection vulnerability found in the username parameter of its login page (index.php). This security flaw enables an unauthenticated attacker to manipulate the backend SQL queries during authentication, potentially gaining unauthorized access to sensitive database information. Proper validation and sanitization of user inputs are essential to mitigate such risks and protect data integrity.

References

https://phpgurukul.com/apartment-visitors-management-syst...
https://phpgurukul.com/?sdm_process_download=1&download_i...
https://github.com/efekaanakkar/Apartment-Visitors-Manage...

CVSS V3.1

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.