Description
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to data exposure or modification
Action: Immediate Patch
AI Analysis

Impact

Simple Food Order System v1.0 is vulnerable to SQL Injection in the /food/view-ticket.php page. By providing specially crafted input, an attacker can influence the SQL statement executed against the database. This flaw, defined as CWE‑89, permits unauthorized reading, alteration, or deletion of database content, potentially exposing sensitive customer data and disrupting order processing.

Affected Systems

The single affected product is Simple Food Order System version 1.0, developed by Carmelo. No other vendors or versions are documented in the supplied data.

Risk and Exploitability

The CVSS score of 9.8 flags this as a critical vulnerability. Although the EPSS score is less than 1%, indicating a low exploitation probability under current conditions, the web-based entry point makes it readily exploitable for remote attackers. The flaw is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 16, 2026 at 14:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patched version of Simple Food Order System that addresses the SQL Injection flaw, if one is available.
  • If no patch is available, refactor the /food/view-ticket.php code to use parameterized queries or properly escape all user inputs to eliminate the injection vector.
  • Ensure the database user account used by the application has the minimal permissions required, limiting the potential damage from a successful injection.

Generated by OpenCVE AI on April 16, 2026 at 14:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title SQL Injection in Simple Food Order System v1.0

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Food Order System
Vendors & Products Code-projects
Code-projects simple Food Order System

Tue, 03 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo simple Food Order System
Weaknesses CWE-89
CPEs cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo simple Food Order System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
References

Subscriptions

Carmelo Simple Food Order System
Code-projects Simple Food Order System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T15:18:25.336Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26711

cve-icon Vulnrichment

Updated: 2026-03-03T15:18:19.963Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T19:16:33.600

Modified: 2026-03-03T16:16:21.593

Link: CVE-2026-26711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses