Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for Apartment Visitor Management System by CodeAstro

    CVE-2026-14766 (GCVE-0-2026-14766)

    Vulnerability from nvd – Published: 2026-07-05 18:30 – Updated: 2026-07-05 18:30
    VLAI
    Title
    CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection
    Summary
    A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    JasperX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JasperX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T18:30:07.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376356 | CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376356"
            },
            {
              "name": "VDB-376356 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376356/cti"
            },
            {
              "name": "CVE-2026-14766 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14766"
            },
            {
              "name": "Submit #850616 | Codeastro Apartment Visitor Management System V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850616"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/menelausx/29aef0a0ab6f289c0f45b379f6d759d7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:01:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14766",
        "datePublished": "2026-07-05T18:30:07.923Z",
        "dateReserved": "2026-07-05T03:56:36.631Z",
        "dateUpdated": "2026-07-05T18:30:07.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14689 (GCVE-0-2026-14689)

    Vulnerability from nvd – Published: 2026-07-05 01:15 – Updated: 2026-07-05 01:15
    VLAI
    Title
    CodeAstro Apartment Visitor Management System add-apartment.php sql injection
    Summary
    A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376285 vdb-entrytechnical-description
    https://vuldb.com/vuln/376285/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14689 third-party-advisory
    https://vuldb.com/submit/846829 third-party-advisory
    https://github.com/yihaofuweng/cve/issues/70 exploitissue-tracking
    https://codeastro.com/ product
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yingxiujie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yingxiujie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:15:21.240Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376285 | CodeAstro Apartment Visitor Management System add-apartment.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376285"
            },
            {
              "name": "VDB-376285 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376285/cti"
            },
            {
              "name": "CVE-2026-14689 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14689"
            },
            {
              "name": "Submit #846829 | codeastro  Apartment Visitor Management System V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/846829"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/yihaofuweng/cve/issues/70"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-04T06:58:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System add-apartment.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14689",
        "datePublished": "2026-07-05T01:15:21.240Z",
        "dateReserved": "2026-07-04T04:53:08.746Z",
        "dateUpdated": "2026-07-05T01:15:21.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14640 (GCVE-0-2026-14640)

    Vulnerability from nvd – Published: 2026-07-04 18:15 – Updated: 2026-07-04 18:15
    VLAI
    Title
    CodeAstro Apartment Visitor Management System Login index.php sql injection
    Summary
    A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376156 vdb-entrytechnical-description
    https://vuldb.com/vuln/376156/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14640 third-party-advisory
    https://vuldb.com/submit/846010 third-party-advisory
    https://github.com/kk-333/cve/issues/1 exploitissue-tracking
    https://codeastro.com/ product
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kk333 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Login"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kk333 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T18:15:08.221Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376156 | CodeAstro Apartment Visitor Management System Login index.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376156"
            },
            {
              "name": "VDB-376156 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376156/cti"
            },
            {
              "name": "CVE-2026-14640 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14640"
            },
            {
              "name": "Submit #846010 | codeastro  Apartment Visitor Management System   V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/846010"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/kk-333/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:34:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System Login index.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14640",
        "datePublished": "2026-07-04T18:15:08.221Z",
        "dateReserved": "2026-07-03T17:29:12.063Z",
        "dateUpdated": "2026-07-04T18:15:08.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14766 (GCVE-0-2026-14766)

    Vulnerability from cvelistv5 – Published: 2026-07-05 18:30 – Updated: 2026-07-05 18:30
    VLAI
    Title
    CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection
    Summary
    A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    JasperX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JasperX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T18:30:07.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376356 | CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376356"
            },
            {
              "name": "VDB-376356 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376356/cti"
            },
            {
              "name": "CVE-2026-14766 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14766"
            },
            {
              "name": "Submit #850616 | Codeastro Apartment Visitor Management System V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850616"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/menelausx/29aef0a0ab6f289c0f45b379f6d759d7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:01:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14766",
        "datePublished": "2026-07-05T18:30:07.923Z",
        "dateReserved": "2026-07-05T03:56:36.631Z",
        "dateUpdated": "2026-07-05T18:30:07.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14689 (GCVE-0-2026-14689)

    Vulnerability from cvelistv5 – Published: 2026-07-05 01:15 – Updated: 2026-07-05 01:15
    VLAI
    Title
    CodeAstro Apartment Visitor Management System add-apartment.php sql injection
    Summary
    A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376285 vdb-entrytechnical-description
    https://vuldb.com/vuln/376285/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14689 third-party-advisory
    https://vuldb.com/submit/846829 third-party-advisory
    https://github.com/yihaofuweng/cve/issues/70 exploitissue-tracking
    https://codeastro.com/ product
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yingxiujie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yingxiujie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:15:21.240Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376285 | CodeAstro Apartment Visitor Management System add-apartment.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376285"
            },
            {
              "name": "VDB-376285 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376285/cti"
            },
            {
              "name": "CVE-2026-14689 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14689"
            },
            {
              "name": "Submit #846829 | codeastro  Apartment Visitor Management System V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/846829"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/yihaofuweng/cve/issues/70"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-04T06:58:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System add-apartment.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14689",
        "datePublished": "2026-07-05T01:15:21.240Z",
        "dateReserved": "2026-07-04T04:53:08.746Z",
        "dateUpdated": "2026-07-05T01:15:21.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14640 (GCVE-0-2026-14640)

    Vulnerability from cvelistv5 – Published: 2026-07-04 18:15 – Updated: 2026-07-04 18:15
    VLAI
    Title
    CodeAstro Apartment Visitor Management System Login index.php sql injection
    Summary
    A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376156 vdb-entrytechnical-description
    https://vuldb.com/vuln/376156/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14640 third-party-advisory
    https://vuldb.com/submit/846010 third-party-advisory
    https://github.com/kk-333/cve/issues/1 exploitissue-tracking
    https://codeastro.com/ product
    Impacted products
    Vendor Product Version
    CodeAstro Apartment Visitor Management System Affected: 1.0
        cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kk333 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Login"
              ],
              "product": "Apartment Visitor Management System",
              "vendor": "CodeAstro",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kk333 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T18:15:08.221Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376156 | CodeAstro Apartment Visitor Management System Login index.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376156"
            },
            {
              "name": "VDB-376156 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376156/cti"
            },
            {
              "name": "CVE-2026-14640 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14640"
            },
            {
              "name": "Submit #846010 | codeastro  Apartment Visitor Management System   V1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/846010"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/kk-333/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://codeastro.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:34:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "CodeAstro Apartment Visitor Management System Login index.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14640",
        "datePublished": "2026-07-04T18:15:08.221Z",
        "dateReserved": "2026-07-03T17:29:12.063Z",
        "dateUpdated": "2026-07-04T18:15:08.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }