Description
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a SQL injection in the username field of the /admin/login.php script of SourceCodester’s Ship Ferry Ticket Reservation System. By injecting crafted SQL, an unauthenticated attacker can bypass authentication and gain administrative access. The flaw is mapped to CWE-74 (Injection) and CWE-89 (SQL Injection). This results in unauthorized system control, enabling potential data theft, modification or deletion.

Affected Systems

The flaw exists in SourceCodester Ship Ferry Ticket Reservation System version 1.0 and earlier. The affected component is the Admin Login module located at /admin/login.php. All deployments of the vulnerable version are susceptible.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk. EPSS is not available, but the publicly disclosed exploit demonstrates feasibility. Because the vulnerability is remote and triggered by a simple form submission, an attacker with internet access can exploit it without prior credentials. The vulnerability is not listed in CISA’s KEV catalog, yet the ease of exploitation and potential impact warrant prompt remediation.

Generated by OpenCVE AI on June 5, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to a patched version that fixes the SQL injection in admin/login.php.
  • If a patch is not available, rewrite the login functionality to use prepared statements and validate the username input to prevent SQL injection.
  • Limit access to the admin login endpoint to trusted networks or enforce IP whitelisting.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 00:15:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Title | | SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection
First Time appeared | | Sourcecodester; Sourcecodester ship Ferry Ticket Reservation System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:sourcecodester:ship_ferry_ticket_reservation_system:*:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester ship Ferry Ticket Reservation System
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-04T23:45:10.256Z

Reserved: 2026-06-04T15:37:11.807Z

Link: CVE-2026-10877

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T00:16:59.530

Modified: 2026-06-05T00:16:59.530

Link: CVE-2026-10877

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:30:31Z
