CVE-2026-39109 · CRITICAL 9.4 · EPSS p24.1%

Description

SQL Injection vulnerability in Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.

Scoring

CVSS 3.1: 9.4 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.33% probability of exploitation · percentile 24.1% · 2026-06-19T12:03:05Z
Published: 2026-04-20
Last modified: 2026-04-20

Underlying weaknesses · 1

CWE-89

References

  1. https://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/
  2. https://phpgurukul.com/?sdm_process_download=1&download_id=21524
  3. https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-39110
CVE-2025-11348
CVE-2026-29861
CVE-2026-10262
CVE-2025-2472
CVE-2026-10208

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.