| Title | Codeastro Apartment Visitor Management System V1.0 SQL Injection |
|---|---|
| Description | Codeastro Apartment Visitor Management System V1.0 — SQL Injection in /apartment-visitor/search-result.php. The searchdata POST parameter is directly concatenated into SQL queries without any sanitization or parameterized binding. The application fails to validate or escape user input before passing it to the database, allowing attackers to forge malicious input that manipulates SQL query logic. |
| Source | https://gist.github.com/menelausx/29aef0a0ab6f289c0f45b379f6d759d7 |
| User | JasperX (UID 97281) |
| Submission | 06/06/2026 15:43 (29 days ago) |
| Moderation | 07/05/2026 05:56 (29 days later) |
| Status | Accepted |
| VulDB entry | 376356 [CodeAstro Apartment Visitor Management System 1.0 POST Parameter search-result.php searchdata sql injection] |
| Points | 20 |