CVE-2026-10693
MEDIUMSourceCodester Online Boat Reservation System Administrative Endpoint improper authorization
Title source: cnaDescription
A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
References (6)
Core 6
Core References
Vdb Entry vdb-entry
VDB-367962 | SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization
https://vuldb.com/vuln/367962
Signature, Permissions Required signature
permissions-required
VDB-367962 | CTI Indicators (IOB, IOC, TTP)
https://vuldb.com/vuln/367962/cti
Third Party Advisory third-party-advisory
CVE-2026-10693 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10693
Third Party Advisory third-party-advisory
Submit #830894 | SourceCodester Online Boat Reservation System 1.0 Broken Access Control
https://vuldb.com/submit/830894
Exploit broken-link
exploit
https://medium.com/@hemantrajbhati5555/broken-access-control-in-sourcecodester-online-boat-reservation-system-1-0-4ed0380d2222
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
11.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
SourceCodester/Online Boat Reservation System
1.0
Published
Jun 03, 2026
Tracked Since
Jun 03, 2026