← voltar
CVE-2026-10288

code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication

CVSS 6.9 MEDIUMEPSS 0.5%CWE-287
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
code-projects · Hotel and Tourism Reservation System
PoCs públicas encontradas2
githubgithub.com/Xmyronn/CVE-2026-10288-AUTH-BYPASS0cve_referencegithub.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.gitnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://code-projects.org/https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.githttps://vuldb.com/cve/CVE-2026-10288https://vuldb.com/submit/825786https://vuldb.com/vuln/367581https://vuldb.com/vuln/367581/cti