CVE-2026-10290
7.3 HIGHA weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-74, CWE-89
Description
A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10290
- [Other]https://code-projects.org/
- [Other]https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Unauthenticated-SQL-Injection.git
- [Other]https://vuldb.com/cve/CVE-2026-10290
- [Other]https://vuldb.com/submit/825939
- [Other]https://vuldb.com/vuln/367583
- [Other]https://vuldb.com/vuln/367583/cti
Related CVEs
Same CWE
- CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
- CVE-2026-12188 — A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12187 — A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5 (8.8 HIGH)
- CVE-2026-12186 — A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5 (8.8 HIGH)