PT-2026-55861 · Codeastro · Apartment Visitor Management System
Lilukun
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2026-14798
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CodeAstro Apartment Visitor Management System version 1.0
Description
Remote SQL injection is possible due to improper processing of the
visname variable within the '/apartment-visitor/visitor-entry.php' endpoint. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database.Recommendations
Update CodeAstro Apartment Visitor Management System version 1.0 to a patched version.
As a temporary workaround, restrict access to the '/apartment-visitor/visitor-entry.php' endpoint or avoid using the
visname parameter until a fix is applied.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apartment Visitor Management System