A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection.
This vulnerability appears as CVE-2026-3746. The attack may be initiated remotely. In addition, an exploit is available.
