Description
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Published: 2026-07-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the CodeAstro Apartment Visitor Management System 1.0. The report.php file can be exploited by manipulating the 'fromdate' argument to inject arbitrary SQL, enabling remote attackers to read or alter the underlying database. This flaw is a classic SQL injection, classified as CWE-74 and CWE-89, and was publicly disclosed, making it available for exploitation.

Affected Systems

Affected product: CodeAstro Apartment Visitor Management System, version 1.0. No other versions were listed. The vulnerability resides in an unidentified component of the /apartment-visitor/report.php script.

Risk and Exploitability

The CVSS score is 5.3, reflecting a moderate impact. The EPSS rating of less than 1% indicates a low likelihood of exploitation in the wild, and it is not listed in the CISA triggered remotely by sending crafted requests to report.php, so organisations using this system should consider the risk moderate to high until mitigated.

Generated by OpenCVE AI on July 6, 2026 at 17:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update or apply the vendor's security patch for the Apartment Visitor Management System to remove the SQL injection flaw.
  • If a patch is unavailable, mitigate by restricting access to report.php behind a firewall or WAF, allowing only trusted IPs or authenticated users to reach the page.
  • Ensure that the input, using parameterized queries or sanitization to prevent SQL code execution.

Generated by OpenCVE AI on July 6, 2026 at 17:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 04:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Title CodeAstro Apartment Visitor Management System report.php sql injection
First Time appeared Codeastro
Codeastro apartment Visitor Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*
Vendors & Products Codeastro
Codeastro apartment Visitor Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Codeastro Apartment Visitor Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-06T15:22:08.769Z

Reserved: 2026-07-05T18:32:29.507Z

Link: CVE-2026-14796

cve-icon Vulnrichment

Updated: 2026-07-06T15:22:04.010Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T17:30:16Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')