PHP CVE-2026-39110

| EUVD-2026-23919 HIGH
SQL Injection (CWE-89)
2026-04-20 mitre GHSA-m39g-8x47-rrc5
PHP SQLi N A
8.2
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 20, 2026 - 20:32 vuln.today
CVSS changed
Apr 20, 2026 - 19:22 NVD
8.2 (HIGH)

DescriptionNVD

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.

AnalysisAI

SQL injection in Apartment Visitors Management System v1.1 allows unauthenticated remote attackers to extract sensitive database contents via the contactno parameter on the password reset page. The vulnerability bypasses authentication controls through crafted input during password recovery operations. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Disable or restrict network access to the password reset functionality on all Apartment Visitors Management System v1.1 instances; document affected systems and data scope. Within 7 days: Deploy input validation and parameterized query mitigations (see compensating_controls); conduct database access logs review for exploitation indicators. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-39110 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy