efekaanakkar/Apartment-Visitors-Management-System-CVEs

Releases0

Multiple CVEs affecting Apartment Visitors Management System v1.1, including SQL Injection and Stored XSS vulnerabilities with detailed analysis and proof-of-concept.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-39109 ↗	Apr 20, 2026Monday, 20 April 2026, 18:16	9.4 CRITICAL	—
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.
CVE-2026-39110 ↗	Apr 20, 2026Monday, 20 April 2026, 18:16	8.2 HIGH	—
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.
CVE-2026-39111 ↗	Apr 20, 2026Monday, 20 April 2026, 18:16	7.5 HIGH	—
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data.
CVE-2026-39112 ↗	Apr 20, 2026Monday, 20 April 2026, 18:16	5.4 MEDIUM	—
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in manage-newvisitors.php or visitor-detail.php.