CVE-2026-10288
Received Received - Intake
Authentication Bypass in Hotel Tourism Reservation System

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-02
AI Q&A
2026-06-02
EPSS Evaluated
N/A
NVD
CVE-2026-10288
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
code-projects hotel_and_tourism_reservation_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Hotel and Tourism Reservation System 1.0, specifically in the Admin Login component's password_verify function located in /admin/login.php.

The issue arises from manipulation of the Password argument, which leads to improper authentication.

An attacker can exploit this vulnerability remotely, and the exploit is publicly available.


How can this vulnerability impact me? :

This vulnerability allows an attacker to bypass proper authentication mechanisms remotely.

As a result, unauthorized users could gain administrative access to the system.

This could lead to unauthorized control over the reservation system, potentially compromising sensitive data and system integrity.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart