Description
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.
Published: 2026-03-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential unauthorized data access through SQL injection
Action: Apply Patch
AI Analysis

Impact

This vulnerability allows an attacker to inject arbitrary SQL code via the "id" parameter in the admin view_product.php script of SourceCodester Online Food Ordering System v1.0. The injection could be used to read, modify, or delete data in the underlying database, resulting in loss of confidentiality, integrity, and availability of sensitive information. The description indicates a typical SQL injection weakness (CWE-89).

Affected Systems

SourceCodester Online Food Ordering System version 1.0 is affected. No other products or versions are listed. The vulnerability resides in the admin module, specifically the view_product.php file.

Risk and Exploitability

The exact CVSS score is not provided, but SQL injection vulnerabilities are often considered high risk because they can be exploited from external input. No EPSS score is available, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, suggesting it may not yet be actively exploited publicly. The attack vector is inferred to be remote, via manipulation of the URL parameter "id".

Generated by OpenCVE AI on March 27, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If an official patch or upgrade is released by SourceCodester, apply it immediately.
  • Validate and sanitize all input parameters in the view_product.php script. Use prepared statements or parameterized queries instead of direct string concatenation.
  • Limit database privileges for the application user to the minimum necessary actions.
  • Disable error details that may reveal SQL structure to an attacker.
  • Monitor web application logs for anomalous queries or repeated failed login attempts.

Generated by OpenCVE AI on March 27, 2026 at 16:24 UTC.
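
An added example for the log-monitoring recommendation above (not code from OpenCVE, MITRE or SourceCodester): it scans web access logs for requests to admin/view_product.php whose "id" is not a single plain integer. It assumes Apache combined log format and that "id" arrives in the query string; the sample lines are constructed and use documentation IP ranges.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [27/Mar/2026:16:30:01 +0000] "GET /admin/view_product.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.44 - - [27/Mar/2026:16:31:15 +0000] "GET /admin/view_product.php?id=12%27 HTTP/1.1" 500 310 "-" "curl/8.5.0"
203.0.113.44 - - [27/Mar/2026:16:31:17 +0000] "GET /admin/view_product.php?id=12%20OR%201%3D1 HTTP/1.1" 200 48213 "-" "curl/8.5.0"
198.51.100.7 - - [27/Mar/2026:16:32:40 +0000] "GET /admin/view_product.php?id=7&id=8 HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Mar/2026:16:33:02 +0000] "GET /admin/index.php?page=products HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target and status code of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TARGET_PATH = "/admin/view_product.php"  # script named in the CVE description


def suspicious_id_requests(log_text):
    """Return (ip, timestamp, status, decoded id values) for every request to
    the affected script whose "id" is missing, repeated, or not a plain
    decimal integer. A legitimate product lookup passes exactly one integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        # Decode the path so percent-encoded spellings of the script still match.
        if not unquote(url.path).lower().endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if len(ids) == 1 and re.fullmatch(r"[0-9]{1,10}", ids[0]):
            continue  # ordinary numeric lookup
        findings.append((m["ip"], m["ts"], int(m["status"]), ids))
    return findings


if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.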

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Admin Product View on SourceCodester Online Food Ordering System
Weaknesses | | CWE-89

Fri, 27 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-27T20:17:27.795Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30532

Vulnrichment

Updated: 2026-03-27T20:16:44.815Z

NVD

Status: Received

Published: 2026-03-27T16:16:23.803

Modified: 2026-03-27T21:17:21.883

Link: CVE-2026-30532

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:29:00Z
