CRITICAL🇵🇱 Wersja polska

CVE-2026-30532

CVSS 9.8v3.1pub. 2026-03-27upd. 2026-03-30

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.

🤖 AI Analysis
How it works

The vulnerability occurs in the 'id' parameter handled by the admin/view_product.php file. Data supplied by the user is passed directly to the SQL query without proper validation or parameterization. An attacker can inject malicious SQL code, modifying the query logic and gaining unauthorized access to the database. The attack vector is network-based, requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N).

Impact

An attacker can gain full access to data stored in the database (including user and administrator data), modify or delete data, and in some configurations potentially execute operations at the server operating system level.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the patch is implemented, it is recommended to restrict access to the administration panel (e.g., through a firewall or IP address restrictions) and implement SQL query validation and parameterization on the application side.

Who is affected

SourceCodester Online Food Ordering System v1.0 (admin/view_product.php file, 'id' parameter)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oretnom23 Online Food Ordering System

    APP
    Oretnom23
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-30533CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Online Food Ordering System przez parametr 'id'

CVE-2026-30530CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Online Food Ordering System — parametr username

CVE-2023-30122CRITICAL9.8ten sam produkt

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Orderi...

CVE-2023-24646CRITICAL9.8ten sam produkt

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allow...

CVE-2020-29297CRITICAL9.8ten sam produkt

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.