Security Advisory

CVE-2026-39110

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-20 00:00:00

Last updated 2026-04-20 18:34:55

Assigner mitre

State PUBLISHED

Description

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.

← Browse all CVEs View on cve.org ↗