CVE-2026-3746 PUBLISHED

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

• Choco094late (VulDB User) reporter

• VDB-349724 | SourceCodester Simple Responsive Tourism Website Login Login.php sql injection
• VDB-349724 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #767882 | sourcecodester.com Simple Responsive Tourism Website V1.0 SQL Injection
• https://github.com/CH0ico/CVE_choco_7
• https://github.com/CH0ico/CVE_choco_7/blob/main/report.md
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE