CVE-2026-3746
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Analysis
SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 via the Username parameter in the Login.php component enables unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify application state. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems exposed to active exploitation.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running SourceCodester Simple Responsive Tourism Website 1.0 and document affected assets; implement network-level access controls to restrict traffic to the /tourism/classes/Login.php endpoint. Within 7 days: Deploy WAF rules to block suspicious login attempts; enable detailed logging on authentication endpoints; consider taking the application offline if it's not business-critical. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today