CVE-2026-39110 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: April 20, 2026
Apartment Visitors Management System - SQL Injection
Overview
Apartment Visitors Management System V1.1 contains a sql injection caused by unsanitized input in the contactno parameter of forgot-password.php, letting unauthenticated attackers retrieve sensitive database contents.
Severity & Score
Impact
Unauthenticated attackers can retrieve sensitive database information, potentially compromising user data and system integrity.
Mitigation
Update to the latest version of Apartment Visitors Management System.
References
Social Media Activity(2 posts)
š CVE-2026-39110 - High (8.2) SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backe... š https://www.thehackerwire.com/vulnerability/CVE-2026-39110/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-39110 - High (8.2) SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backe... š https://www.thehackerwire.com/vulnerability/CVE-2026-39110/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-39110
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- rejected
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N