PatchSiren cyber security CVE debrief
CVE-2026-10877 SourceCodester CVE debrief
A SQL injection vulnerability has been detected in the SourceCodester Ship Ferry Ticket Reservation System up to version 1.0. The vulnerability affects an unknown function in the `/admin/login.php` file of the Admin Login component. Manipulation of the `Username` argument leads to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed and may be used. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM.
- Vendor: SourceCodester
- Product: Ship Ferry Ticket Reservation System
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Administrators and users of the SourceCodester Ship Ferry Ticket Reservation System up to version 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation for the `Username` argument handled by the `/admin/login.php` file. This allows remote attackers to inject malicious SQL code, potentially leading to authentication bypass or other malicious activities.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the SourceCodester Ship Ferry Ticket Reservation System to the latest version.
- Implement proper input validation and sanitization for user input.
- Use prepared statements or parameterized queries to prevent SQL injection.
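The second and third actions above, shown as an added example; this is not the product's code, which is not reproduced on this page. The `admin_users` table, its columns, the function names and the sample values are hypothetical, and PDO with an in-memory SQLite database (the `pdo_sqlite` extension) is assumed only so the script runs offline.

```php
<?php
// Constructed schema and data for illustration only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin_users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Weak pattern: the submitted value becomes part of the SQL text,
// so quote characters in it change the structure of the query.
function lookup_concatenated(PDO $db, string $username): array
{
    $sql = "SELECT username, password_hash FROM admin_users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the placeholder is bound as data and never parsed as SQL.
function lookup_prepared(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username, password_hash FROM admin_users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login built on the prepared lookup, with basic validation of the input
// (the 64-character limit is an assumed policy, not taken from the product).
function login(PDO $db, string $username, string $password): bool
{
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    $rows = lookup_prepared($db, $username);
    return count($rows) === 1
        && password_verify($password, $rows[0]['password_hash']);
}

// Constructed input containing SQL metacharacters.
$probe = "nobody' OR '1'='1";

printf("concatenated lookup rows: %d\n", count(lookup_concatenated($db, $probe)));
printf("prepared lookup rows:     %d\n", count(lookup_prepared($db, $probe)));
var_dump(login($db, 'admin', 'constructed-sample-password'));
var_dump(login($db, $probe, 'anything'));
```

The concatenated lookup returns the stored row for a username that does not exist, while the prepared lookup returns nothing for the same input; that difference is what the parameterized-query recommendation addresses.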
Evidence notes
The CVE record for CVE-2026-10877 provides additional information on the vulnerability, including its CVSS score and severity rating.
Official resources
CVE-2026-10877 was published on 2026-06-05T00:16:59.530Z and modified on 2026-06-05T13:26:15.113Z.