CVE-2026-2848

HIGH

SourceCodester Tourism Website 1.0 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-2848. PoCs published by richardpaimu34.

AI-analyzed exploit summary: The repository claims to exploit CVE-2026-2848, a SQL injection vulnerability in SourceCodester Simple Responsive Tourism Website 1.0, but provides no actual exploit code. Instead, it directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits.

Description

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. Manipulation of the argument Username causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used.

Exploits (1)

nomisec SUSPICIOUS
by richardpaimu34 · poc
https://github.com/richardpaimu34/CVE-2026-2848

Classification: Suspicious 90%
Attack Type: SQLi
Complexity: Theoretical
Reliability: Theoretical
Target: SourceCodester Simple Responsive Tourism Website 1.0
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 22, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.347084
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.347084
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.753967
Exploit, Third Party Advisory, Issue Tracking exploit issue-tracking
https://github.com/anupeng/CVE/issues/1

Scores

CVSS v3 7.3
EPSS 0.0033
EPSS Percentile 24.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
oretnom23/simple_responsive_tourism_website 1.0
Published Feb 20, 2026
Tracked Since Feb 21, 2026