← volver
CVE-2026-10288

code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication

CVSS 6.9 MEDIUMEPSS 0.5%CWE-287
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
code-projects · Hotel and Tourism Reservation System
PoCs públicas encontradas2
githubgithub.com/Xmyronn/CVE-2026-10288-AUTH-BYPASS0cve_referencegithub.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.gitno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://code-projects.org/https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.githttps://vuldb.com/cve/CVE-2026-10288https://vuldb.com/submit/825786https://vuldb.com/vuln/367581https://vuldb.com/vuln/367581/cti