
Online Boat Reservation System EUVD-2026-34058

CVE-2026-10693 · LOW
Improper Authorization (CWE-285)
2026-06-03 · VulDB · GHSA-f493-gq25-5c5x
CVSS 4.0 (NVD): 2.1

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Severity Changed · Jun 03, 2026 - 01:22 · NVD: MEDIUM → LOW
CVSS changed · Jun 03, 2026 - 01:22 · NVD: 6.3 (MEDIUM) → 2.1 (LOW)
Analysis Generated · Jun 03, 2026 - 00:44 · vuln.today

Description (CVE.org)

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.

Analysis (AI)

Improper authorization across multiple administrative endpoints in SourceCodester Online Boat Reservation System 1.0 allows remote authenticated attackers with low-privilege accounts to bypass access controls and interact with admin-only functionality. The vulnerability, classified as broken access control (CWE-285), enables unauthorized reads, writes, and limited availability impact on restricted resources. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain or register low-privilege account
Delivery: Authenticate to application
Exploit: Identify administrative endpoint URLs (via PoC guide)
Execution: Send direct HTTP request to admin endpoint
Persist: Server skips authorization check
Impact: Read or modify administrative data

Vulnerability Assessment (AI)

Exploitation: The CVSS vector PR:L confirms that exploitation requires a valid low-privilege authenticated session - the attacker must possess or obtain a regular user account on the target application. …

Risk Assessment: The CVSS base score of 6.3 (Medium) reflects a balanced but real risk: network-reachable (AV:N), low attack complexity (AC:L), low privilege required (PR:L), no user interaction (UI:N), with limited confidentiality, integrity, and availability impact (C:L/I:L/A:L). …

Exploit Scenario: An attacker registers or obtains a low-privilege user account on a publicly accessible deployment of the Online Boat Reservation System 1.0, then directly navigates to administrative endpoints (such as admin panel routes) without modifying session tokens or performing privilege escalation - the server processes the requests without enforcing role checks. Using the publicly available PoC as a guide, the attacker reads sensitive reservation data, modifies or deletes records, or alters system configuration, achieving limited but meaningful impact across confidentiality, integrity, and availability dimensions. …

Remediation: No vendor-released patch has been identified at time of analysis - the CPE wildcard and absence of a fixed-version advisory indicate SourceCodester has not published a corrective release. …
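The control whose absence this record describes, as an added Python illustration (not code from the Online Boat Reservation System, SourceCodester, or vuln.today): an authorization gate that checks only "is the caller logged in?" is contrasted with a deny-by-default gate that also checks the caller's role, and a route-table audit flags admin paths whose requirement is weaker than admin, which is how several endpoints end up affected at once. Route paths, role names and the session fields are placeholders assumed for the example, not the application's real routes.

```python
# Added example: role-based authorization for admin routes, with an audit that
# finds admin paths registered with a weaker requirement. All paths and roles
# below are placeholders, not the real application's routes.
from dataclasses import dataclass
from typing import Dict, List, Optional

ROLE_RANK = {"anonymous": 0, "user": 1, "admin": 2}


@dataclass(frozen=True)
class Session:
    user_id: Optional[int]      # None models an anonymous request
    role: str = "anonymous"


# "Before" state (placeholder paths): admin handlers were registered as only
# needing a logged-in user, so any low-privilege account passes the gate.
VULNERABLE_ROUTES: Dict[str, str] = {
    "/index.php": "anonymous",
    "/admin/example-endpoint-1": "user",   # should require "admin"
    "/admin/example-endpoint-2": "user",   # should require "admin"
    "/admin/example-endpoint-3": "user",   # should require "admin"
}

# "After" state: everything under the admin prefix requires the admin role.
FIXED_ROUTES: Dict[str, str] = {
    path: ("admin" if path.startswith("/admin/") else role)
    for path, role in VULNERABLE_ROUTES.items()
}


def authorize(routes: Dict[str, str], session: Session, path: str) -> int:
    """Return the HTTP status a central gate should answer with: 404 for an
    unregistered path (deny by default), 302 when a login is needed, 403 when
    the caller is logged in but lacks the required role, 200 when allowed."""
    required = routes.get(path)
    if required is None:
        return 404
    if ROLE_RANK.get(session.role, 0) >= ROLE_RANK[required]:
        return 200
    return 302 if session.user_id is None else 403


def audit_admin_routes(routes: Dict[str, str], prefix: str = "/admin/") -> List[str]:
    """List admin-prefixed paths whose required role is below admin; a non-empty
    result is the 'multiple endpoints are affected' condition in a route table."""
    return sorted(p for p, r in routes.items()
                  if p.startswith(prefix) and ROLE_RANK[r] < ROLE_RANK["admin"])
```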


EUVD-2026-34058 vulnerability details – vuln.today
