Description
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection data breach
Action: Patch
AI Analysis

Impact

The Simple Food Order System version 1.0 has a flaw in the /food/routers/edit‑orders.php script that allows attackers to inject arbitrary SQL statements. This vulnerability can enable an adversary to retrieve, modify, or delete order data stored in the database, potentially leading to data exposure or compromise of the system’s integrity. The weakness is a classic input‑validation failure outlined by CWE‑89.

Affected Systems

The affected product is Carmelo’s Simple Food Order System v1.0, as identified by the CPE string. No other versions or related products are listed.

Risk and Exploitability

With a CVSS score of 9.8, the vulnerability is considered critical. Even though the EPSS score is reported as less than 1 %, exploitation is still possible, especially if the endpoint is exposed publicly. The vulnerability is not recorded in the CISA KEV catalogue. Attackers likely target the /food/routers/edit‑orders.php endpoint via remote web requests; authentication or privilege prerequisites are not explicitly stated, so the exact attack vector remains uncertain but the potential for data compromise is high.

Generated by OpenCVE AI on April 16, 2026 at 14:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or upgrade to a fixed version of Simple Food Order System
  • If a patch is not yet available, block or remove access to the /food/routers/edit‑orders.php endpoint until a fix is deployed
  • Review all input handling in the application and replace string concatenation with prepared statements or parameterized queries to prevent SQL injection

Generated by OpenCVE AI on April 16, 2026 at 14:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Simple Food Order System

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Food Order System
Vendors & Products Code-projects
Code-projects simple Food Order System

Tue, 03 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo simple Food Order System
Weaknesses CWE-89
CPEs cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo simple Food Order System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
References

Subscriptions

Carmelo Simple Food Order System
Code-projects Simple Food Order System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T15:16:27.179Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26710

cve-icon Vulnrichment

Updated: 2026-03-03T15:16:20.320Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T19:16:33.487

Modified: 2026-03-03T16:16:21.417

Link: CVE-2026-26710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses