Impact
The flaw is an unvalidated argument in cart.php: the item_price value is taken from the request, so an attacker can set it and cause the system to apply a different price than intended. This business-logic error can lead to unauthorized discounts or overcharging, undermining the integrity of transaction totals. The vulnerability is classified as CWE-840 (Business Logic Errors).
Affected Systems
The vulnerability exists in SourceCodester Simple Food Ordering System 1.0. No other versions are listed in the current data. Administrators should verify whether they are running this product and whether the affected code remains in use.
Risk and Exploitability
The CVSS score of 6.9 indicates a medium to high risk. EPSS data is not available, and the vulnerability is not currently listed in CISA’s KEV catalog. The attack can be carried out remotely by manipulating the item_price parameter in a request to cart.php. Published exploit code exists, so an attacker could deploy it without significant additional effort.
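The usual remedy for this class of flaw is to have the server ignore any price sent by the client and take it from the catalogue instead. The sketch below is an added example, not code from Simple Food Ordering System; the menu_items table, its columns, the item_id and quantity fields, and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names (menu_items, price_cents, add_to_cart).
// It is not the product's cart.php.

// Add an item using the price stored server-side; any item_price field
// in the request is deliberately never read.
function add_to_cart(PDO $db, array &$cart, array $request): void
{
    $itemId = filter_var($request['item_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $qty = filter_var($request['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 50]]);
    if ($itemId === false || $qty === false) {
        throw new InvalidArgumentException('invalid item_id or quantity');
    }

    // The authoritative price comes from the catalogue, keyed by item id.
    $stmt = $db->prepare('SELECT name, price_cents FROM menu_items WHERE id = ?');
    $stmt->execute([$itemId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new InvalidArgumentException('unknown item');
    }

    $cart[$itemId] = [
        'name'        => $row['name'],
        'price_cents' => (int) $row['price_cents'], // integer cents, no float rounding
        'quantity'    => ($cart[$itemId]['quantity'] ?? 0) + $qty,
    ];
}

// Recompute the total from stored prices at checkout time.
function cart_total_cents(array $cart): int
{
    $total = 0;
    foreach ($cart as $line) {
        $total += $line['price_cents'] * $line['quantity'];
    }
    return $total;
}

// Constructed sample data: an in-memory catalogue and a request that also
// carries an item_price field, which the handler does not consult.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu_items (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER)');
$db->exec("INSERT INTO menu_items VALUES (1, 'Burger', 850)");

$cart = [];
add_to_cart($db, $cart, ['item_id' => '1', 'quantity' => '2', 'item_price' => '0.01']);
echo cart_total_cents($cart), PHP_EOL;
```

The printed total reflects the catalogue price times the quantity, regardless of what the request claimed.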