PT-2026-55861 · Codeastro · Apartment Visitor Management System

Lilukun

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2026-14798

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0
Description Remote SQL injection is possible due to improper processing of the visname variable within the '/apartment-visitor/visitor-entry.php' endpoint. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database.
Recommendations Update CodeAstro Apartment Visitor Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/apartment-visitor/visitor-entry.php' endpoint or avoid using the visname parameter until a fix is applied.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14798

Affected Products

Apartment Visitor Management System