| 标题 | code-projects Hotel And Tourism Reservation In PHP With Source Code 1.0 Authentication Bypass Issues |
|---|
| 描述 | A critical authentication bypass vulnerability exists in the admin login functionality of Hotel and Tourism Reservation System 1.0. The vulnerability is caused by an inverted conditional check on the return value of password_verify(), which causes the application to grant access when an incorrect password is supplied and deny access when the correct password is supplied. An unauthenticated remote attacker can gain full administrative access by providing a valid email address and any arbitrary incorrect password. |
|---|
| 来源 | ⚠️ https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.git |
|---|
| 用户 | imad alvi (UID 97088) |
|---|
| 提交 | 2026-05-11 20時01分 (24 日前) |
|---|
| 管理 | 2026-05-31 18時40分 (20 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367581 [code-projects Hotel and Tourism Reservation System 1.0 Admin Login /admin/login.php password_verify 密码 弱身份验证] |
|---|
| 积分 | 20 |
|---|