CVE-2026-10877
7.3 HIGHA security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0
Published: 2026-06-05 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-74, CWE-89
Description
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10877
- [Other]https://medium.com/@hemantrajbhati5555/sql-injection-in-authentication-mechanism-leads-to-authentication-bypass-65177ce7a41c
- [Other]https://vuldb.com/cve/CVE-2026-10877
- [Other]https://vuldb.com/submit/831871
- [Other]https://vuldb.com/vuln/368367
- [Other]https://vuldb.com/vuln/368367/cti
- [Other]https://www.sourcecodester.com/
Related CVEs
Same CWE
- CVE-2026-48613 — SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migratio... (5.9 MEDIUM)
- CVE-2026-45418 — ClipBucket v5 is an open source video sharing platform (8.8 HIGH)
- CVE-2026-45060 — ClipBucket v5 is an open source video sharing platform (9.8 CRITICAL)
- CVE-2026-42647 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL ... (9.3 CRITICAL)
- CVE-2026-39494 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW a... (9.3 CRITICAL)