Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
SourceCodester Simple Responsive Tourism Website SQL Injection
CVE-2026-2848
Summary
A security issue has been found in SourceCodester's Simple Responsive Tourism Website, specifically in the registration feature. This means an attacker could potentially inject malicious SQL code to access or modify sensitive data. To protect your website, update to the latest version of the software or patch the affected file.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| oretnom23 | simple_responsive_tourism_website | 1.0 | – |
Original title
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component...
Original description
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
9.8
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://github.com/anupeng/CVE/issues/1 Exploit Third Party Advisory Issue Tracking
- https://vuldb.com/?ctiid.347084 Permissions Required VDB Entry
- https://vuldb.com/?id.347084 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753967 Third Party Advisory VDB Entry
- https://www.sourcecodester.com/ Product
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026