Skip to main content

Online Boat Reservation System EUVDEUVD-2026-41737

| CVE-2026-14725 LOW
Insufficient Session Expiration (CWE-613)
2026-07-05 VulDB GHSA-4957-h36g-34j9
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-reachable but requires a prior authenticated session token (PR:L); limited confidentiality and integrity impact via session hijacking, no availability consequence.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 05, 2026 - 08:36 vuln.today
Severity Changed
Jul 05, 2026 - 08:22 NVD
MEDIUM LOW
CVSS changed
Jul 05, 2026 - 08:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

AnalysisAI

Insufficient session expiration in SourceCodester Online Boat Reservation System 1.0 allows a remote, low-privileged attacker to reuse a previously issued session token after it should have been invalidated, gaining unauthorized access to authenticated application functionality. The CWE-613 root cause indicates the application fails to properly terminate sessions on logout or timeout. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege session token
Delivery
User logs out of application
Exploit
Submit stale token in HTTP request
Execution
Server accepts invalidated session
Impact
Access authenticated user data and functions

Vulnerability AssessmentAI

Exploitation The attacker must possess a valid session token previously issued to a low-privileged authenticated user - this is the primary limiting condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N reflects a genuinely low-severity issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged account (or who has obtained a session token via a shared device or network interception) logs into the Online Boat Reservation System and captures their session cookie. After the legitimate user logs out, the attacker sends HTTP requests using the stale session token and gains continued access to the authenticated user's reservation data and application functions. …
Remediation No vendor-released patch or official security advisory has been identified at the time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41737 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy