CVE 9.4 CRITICAL

CVE-2026-39109_CVE-2026-39109

April 20, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.

AI Analysis

SQL Injection vulnerability allowing unauthenticated attackers to manipulate backend SQL queries and retrieve sensitive database contents

Basic Information

ID CVE-2026-39109

Source mitre

Published Apr 20, 2026 at 00:00

Modified Apr 20, 2026 at 18:31

Affected Product

Vendor phpgurukul

Product Apartment Visitors Management System

Version V1.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor phpgurukul

Product Apartment Visitors Management System

Version V1.1

References

{
    "lastseen": "",
    "description": "SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.",
    "published": "2026-04-20T00:00:00.000Z",
    "modified": "2026-04-20T18:31:04.461Z",
    "type": "cve",
    "title": "CVE-2026-39109",
    "source": "mitre",
    "references": "https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/\nhttps://phpgurukul.com/?sdm_process_download=1&download_id=21524\nhttps://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/",
    "id": "CVE-2026-39109",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apartment Visitors Management System",
    "version": "V1.1",
    "vendor": "phpgurukul",
    "ai_description": "SQL Injection vulnerability allowing unauthenticated attackers to manipulate backend SQL queries and retrieve sensitive database contents",
    "ai_severity": "Critical",
    "ai_vendor": "phpgurukul",
    "ai_product": "Apartment Visitors Management System",
    "ai_version": "V1.1",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply