| Titre | code-projects Hotel And Tourism Reservation In PHP With Source Code 1.0 Authentication Bypass Issues |
|---|
| Description | A critical authentication bypass vulnerability exists in the admin login functionality of Hotel and Tourism Reservation System 1.0. The vulnerability is caused by an inverted conditional check on the return value of password_verify(), which causes the application to grant access when an incorrect password is supplied and deny access when the correct password is supplied. An unauthenticated remote attacker can gain full administrative access by providing a valid email address and any arbitrary incorrect password. |
|---|
| La source | ⚠️ https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.git |
|---|
| Utilisateur | imad alvi (UID 97088) |
|---|
| Soumission | 11/05/2026 20:01 (il y a 27 jours) |
|---|
| Modérer | 31/05/2026 18:40 (20 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367581 [code-projects Hotel and Tourism Reservation System 1.0 Admin Login /admin/login.php password_verify Mot de passe authentification faible] |
|---|
| Points | 20 |
|---|