EUVD-2026-23920
GHSA-2mm2-ghgp-p33q
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data.
AnalysisAI
SQL Injection in Apartment Visitors Management System v1.1 allows unauthenticated remote attackers to extract sensitive user data via the forgot-password.php email parameter. The vulnerability requires no authentication (PR:N), no user interaction (UI:N), and has low attack complexity (AC:L), enabling trivial exploitation against any internet-facing installation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems running Apartment Visitors Management System v1.1 and isolate internet-facing instances or restrict network access to trusted sources only. Within 7 days: Contact the vendor for security guidance and inquire about patches or updated versions; consider migrating to an alternative visitor management solution if no patch roadmap exists. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today