Impact
A vulnerability exists in the CodeAstro Apartment Visitor Management System 1.0. The report.php file can be exploited by manipulating the 'fromdate' argument to inject arbitrary SQL, enabling remote attackers to read or alter the underlying database. This flaw is a classic SQL injection, classified as CWE-74 and CWE-89, and was publicly disclosed, making it available for exploitation.
Affected Systems
Affected product: CodeAstro Apartment Visitor Management System, version 1.0. No other versions were listed. The vulnerability resides in an unidentified component of the /apartment-visitor/report.php script.
Risk and Exploitability
The CVSS score is 5.3, reflecting a moderate impact. The EPSS rating of less than 1% indicates a low likelihood of exploitation in the wild, and it is not listed in the CISA triggered remotely by sending crafted requests to report.php, so organisations using this system should consider the risk moderate to high until mitigated.
OpenCVE Enrichment