SQL Injection Vulnerability in Apartment Visitors Management System by PHP Gurukul
CVE-2026-39111

7.5HIGH

Key Information:

Vendor: PHP Gurukul
Status: Apartment Visitors Management System
Vendor: CVE Published:; 20 April 2026

🔔 Create PHP Gurukul Vulnerability Alert

What is CVE-2026-39111?

A vulnerability exists in the Apartment Visitors Management System V1.1 that allows an unauthenticated attacker to exploit the email parameter on the forgot password page (forgot-password.php). By manipulating the input, attackers can execute arbitrary SQL queries against the backend database, potentially exposing sensitive user information and compromising the integrity of the system.

References

https://phpgurukul.com/apartment-visitors-management-syst...

https://phpgurukul.com/?sdm_process_download=1&download_i...

https://github.com/efekaanakkar/Apartment-Visitors-Manage...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39111 Data

JSON