Impact
A flaw was identified in the edit-apartment.php component of CodeAstro Apartment Visitor Management System. By manipulating the editid parameter, an attacker can inject arbitrary SQL statements, allowing unauthorized reading, modification, or deletion of database records. This remote vulnerability could expose sensitive visitor and apartment data, compromise data integrity, and potentially disrupt system operations.
Affected Systems
The affected product is CodeAstro Apartment Visitor Management System, version 1.0, running on a web server that serves the edit-apartment.php endpoint. The vulnerability originates from unfiltered user input handling in that file.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests a relatively low likelihood of widespread exploitation at this time. However, the issue is publicly disclosed and can be leveraged remotely from anywhere with network access to the web interface. The vulnerability is not listed in the CISA KEV catalog, but its potential to compromise data remains significant.
OpenCVE Enrichment