CRITICAL🇵🇱 Wersja polska

CVE-2026-30533

CVSS 9.8v3.1pub. 2026-03-27upd. 2026-03-30

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter.

🤖 AI Analysis
How it works

The vulnerability exists in the admin/manage_product.php file, where the 'id' parameter transmitted in the HTTP request is not properly validated or parameterized before use in an SQL query. An attacker can inject malicious SQL code by manipulating the value of this parameter, allowing execution of arbitrary queries to the database. The attack is possible remotely, without authentication, and without user interaction.

Impact

An attacker can gain full access to data stored in the database (including user and product data), and depending on the database server configuration, can also modify or delete data, leading to violations of system confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is also recommended to implement parameterized SQL queries (prepared statements) and server-side input validation. Until updates are applied, it is recommended to restrict access to the admin panel exclusively to trusted IP addresses.

Who is affected

SourceCodester Online Food Ordering System v1.0 (admin/manage_product.php file, 'id' parameter)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oretnom23 Online Food Ordering System

    APP
    Oretnom23
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-30532CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Online Food Ordering System via parametr 'id'

CVE-2026-30530CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Online Food Ordering System — parametr username

CVE-2023-30122CRITICAL9.8ten sam produkt

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Orderi...

CVE-2023-24646CRITICAL9.8ten sam produkt

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allow...

CVE-2020-29297CRITICAL9.8ten sam produkt

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.