A vulnerability labeled as critical has been found in code-projects Hotel and Tourism Reservation System 1.0 . This issue affects the function password_verify of the file /admin/login.php of the component Admin Login . Such manipulation of the argument Password leads to improper authentication. This vulnerability is referenced as CVE-2026-10288 . It is possible to launch the attack remotely. Furthermore, an exploit is available.