CVE-2026-10877
Description
SQL injection vulnerability in SourceCodester Ship Ferry Ticket Reservation System's Admin Login allows remote attackers to manipulate the Username argument and execute arbitrary SQL queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in SourceCodester Ship Ferry Ticket Reservation System up to version 1.0. The flaw is in the login.php file of the Admin Login component: manipulating the Username argument leads to SQL injection.
Exploitation
An attacker can exploit this vulnerability remotely by sending a specially crafted request to the /admin/login.php endpoint. The attacker needs to manipulate the Username parameter with SQL injection payloads to trigger the vulnerability. No specific authentication or user interaction is mentioned as required in the available references.
Impact
Successful exploitation of this SQL injection vulnerability allows an attacker to execute arbitrary SQL queries on the underlying database. This could lead to unauthorized access to sensitive information, data modification, or even complete database compromise, depending on the privileges of the database user associated with the application.
Mitigation
Not yet disclosed in the available references. The provided references do not contain information regarding a fixed version, workarounds, or any mitigation strategies for this vulnerability.
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (6)
News mentions
No linked articles in our index yet.