← volver
CVE-2026-10288

code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication

CVSS 6.9 MEDIUMEPSS 0.5%CWE-287
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 6.9EPSS 0.5%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
11 may 2026PoC pública
01 jun 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
code-projects · Hotel and Tourism Reservation System
PoCs públicas encontradas2
githubgithub.com/Xmyronn/CVE-2026-10288-AUTH-BYPASS0cve_referencegithub.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.gitno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://code-projects.org/https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.githttps://vuldb.com/cve/CVE-2026-10288https://vuldb.com/submit/825786https://vuldb.com/vuln/367581https://vuldb.com/vuln/367581/cti