PT-2026-55858 · Codeastro · Apartment Visitor Management System

Lilukun

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2026-14795

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0
Description A remote SQL injection exists in the /apartment-visitor/action-visitor.php endpoint. This issue occurs when the remark variable is manipulated, allowing an attacker to execute arbitrary SQL commands on the database.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the remark variable in the /apartment-visitor/action-visitor.php endpoint until the issue is resolved.

Exploit

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14795

Affected Products

Apartment Visitor Management System