SQL Injection Vulnerability in SourceCodester Ship Ferry Ticket Reservation System Admin Login
CVE-2026-10877

6.9MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Ship Ferry Ticket Reservation System
Vendor
CVE Published:
4 June 2026

What is CVE-2026-10877?

A security vulnerability exists in the SourceCodester Ship Ferry Ticket Reservation System in the Admin Login component, specifically in the /admin/login.php file. This vulnerability allows remote attackers to exploit an SQL injection flaw through improper handling of the 'Username' parameter. Such exploitation can lead to unauthorized database access, allowing attackers to manipulate, retrieve, or delete sensitive information. Timely remediation is crucial to protect the integrity of the application and its underlying data.

Affected Version(s)

Ship Ferry Ticket Reservation System 1.0

References

https://vuldb.com/vuln/368367
vdb-entrytechnical-description
https://vuldb.com/vuln/368367/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10877
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)
.