Description
A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
yingxiujie (VulDB User)
References
vuldb.com/vuln/376285 (VDB-376285 | CodeAstro Apartment Visitor Management System add-apartment.php sql injection)
vuldb.com/vuln/376285/cti (VDB-376285 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14689 (CVE-2026-14689 | CVE Analysis and Report)
vuldb.com/submit/846829 (Submit #846829 | codeastro Apartment Visitor Management System V1.0 SQL Injection)
github.com/yihaofuweng/cve/issues/70
codeastro.com/