PT-2026-45605 · Code Projects · Hotel/Tourism Reservation System

·

CVE-2026-10290

·

Published

2026-06-01

·

Updated

2026-06-01

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation System version 1.0
Description A weakness in the GET Parameter Handler component within the tour.php file allows for remote SQL injection. This occurs when the tour argument is manipulated, enabling an attacker to interfere with the application's database queries.
Recommendations As a temporary workaround, restrict access to the tour parameter in the tour.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-10290

Affected Products

Hotel/Tourism Reservation System