Product
A critical SQL injection vulnerability (CVE-2026-14640) in CodeAstro Apartment Visitor Management System 1.0 allows remote attackers to execute arbitrary SQL queries via manipulation of the 'Username' argument in the Login component's '/index.php' file, leading to unauthorized data access, modification, and potential system compromise.