code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-10290

Source VulDB

Published Jun 1, 2026 at 20:30

Affected Product

Vendor code-projects

Product Hotel and Tourism Reservation System

Version 1.0

Affected Versions code-projects Hotel and Tourism Reservation System 1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-06-01T20:30:10.524Z",
    "modified": "2026-06-01T20:30:10.524Z",
    "type": "cve",
    "title": "code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367583\nhttps://vuldb.com/vuln/367583/cti\nhttps://vuldb.com/cve/CVE-2026-10290\nhttps://vuldb.com/submit/825939\nhttps://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Unauthenticated-SQL-Injection.git\nhttps://code-projects.org/",
    "id": "CVE-2026-10290",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "code-projects Hotel and Tourism Reservation System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Hotel and Tourism Reservation System",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection_CVE-2026-10290