CVE-2026-10290 | code-projects Hotel and Tourism Reservation System 1.0 GET Parameter tour.php tour sql injection

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability described as critical has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection.

This vulnerability is tracked as CVE-2026-10290. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-10290 | code-projects Hotel and Tourism Reservation System 1.0 GET Parameter tour.php tour sql injection

Post correlati

CVE-2023-45707 | HCL Connections Docs up to 2.0.2 cross site scripting (KB0108427)

CVE-2026-8134 | Concrete CMS up to 9.5.0 File Upload ptComposerFormLayoutSetControlCustomTemplate filename control

CVE-2024-2357 | Libreswan up to 4.12 IKEv2 Retransmit denial of service

CVE-2024-8559 | SourceCodester Online Food Menu 1.0 delete-menu.php menu sql injection