CVE-2026-3746

HIGH

SourceCodester Tourism Website 1.0 - SQL Injection

Title source: llm

Description

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

References (6)

Scores

CVSS v3 7.3
EPSS 0.0003
EPSS Percentile 9.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-89 CWE-74
Status published

Affected Products (1)

oretnom23/simple_responsive_tourism_website

Timeline

Published Mar 08, 2026
Tracked Since Mar 08, 2026