Critical severity9.4NVD Advisory· Published Apr 20, 2026· Updated Apr 20, 2026

CVE-2026-39109

Description

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents.

Affected products

Phpgurukul/Apartment Visitors Management Systemllm-fuzzy
Range: = V1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

phpgurukul.comnvd
phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/nvd

News mentions

No linked articles in our index yet.

cvss	0.611
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000