| عنوان | code-projects Hotel And Tourism Reservation In PHP With Source Code 1.0 Authentication Bypass Issues |
|---|
| الوصف | A critical authentication bypass vulnerability exists in the admin login functionality of Hotel and Tourism Reservation System 1.0. The vulnerability is caused by an inverted conditional check on the return value of password_verify(), which causes the application to grant access when an incorrect password is supplied and deny access when the correct password is supplied. An unauthenticated remote attacker can gain full administrative access by providing a valid email address and any arbitrary incorrect password. |
|---|
| المصدر | ⚠️ https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.git |
|---|
| المستخدم | imad alvi (UID 97088) |
|---|
| ارسال | 11/05/2026 08:01 PM (26 أيام منذ) |
|---|
| الاعتدال | 31/05/2026 06:40 PM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367581 [code-projects Hotel and Tourism Reservation System 1.0 Admin Login /admin/login.php password_verify كلمة المرور توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|