CVE-2026-39109 - Apartment Visitors Management System - SQL Injection

Overview

Apartment Visitors Management System V1.1 contains a sql injection caused by unsanitized input in the username parameter of the login page (index.php), letting unauthenticated attackers retrieve sensitive database contents.

Severity & Score

Severity: Critical

CVSS Score: 9.4

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can retrieve sensitive database contents, potentially compromising the entire database.

Mitigation

Update to the latest version of Apartment Visitors Management System.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Apr 20, 2026

🔴 CVE-2026-39109 - Critical (9.4) SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries du... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39109/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Apr 20, 2026

🔴 CVE-2026-39109 - Critical (9.4) SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries du... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39109/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-39109 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score