Impact
A vulnerability exists in the Login component of CodeAstro Apartment Visitor Management System 1.0, where manipulating the Username argument in the /index.php file allows an attacker to inject arbitrary SQL. The flaw is a classic input validation weakness (CWE‑74) and can result in unauthorized data access or modification. Because the injection occurs in the authentication endpoint, the attacker can bypass authentication or extract sensitive information, compromising confidentiality and integrity of the visitor database.
Affected Systems
CodeAstro Apartment Visitor Management System, version 1.0. No other versions are listed as affected. The vulnerability resides in the web application’s index.php login page.
Risk and Exploitability
The CVSS score of 6.9 indicates moderate severity. No EPSS score is available, but a public exploit has been documented, showing that attackers can remotely trigger the injection from any network with access to the web interface. The vulnerability is not listed in the CISA KEV catalog. Remote attackers can exploit this flaw by sending crafted Username values to the login endpoint; no special privileges or local access are required.