CVE-2026-10288
7.3 HIGHA vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-287
Description
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10288
- [Other]https://code-projects.org/
- [Other]https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.git
- [Other]https://vuldb.com/cve/CVE-2026-10288
- [Other]https://vuldb.com/submit/825786
- [Other]https://vuldb.com/vuln/367581
- [Other]https://vuldb.com/vuln/367581/cti
Related CVEs
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (6.5 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)
- CVE-2026-40995 — X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, ... (5.4 MEDIUM)
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)