Description
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.
Published: 2026-03-27
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Database Compromise
Action: Apply Patch
AI Analysis

Impact

A classic SQL injection flaw exists in the admin/manage_category.php page of the online food ordering system. The flaw allows an attacker to supply an unsanitized "id" value in a request, causing the application to embed arbitrary SQL statements into its database query. If exploited, the attacker could read, modify, or delete data stored in the system’s database, thereby compromising both data confidentiality and integrity. The weakness is categorized as CWE-89, Improper Neutralization of Special Elements used in an SQL Statement.

Affected Systems

The vulnerability affects the oretnom23 Online Food Ordering System, version 1.0. No other releases or vendor patches are documented, and the vendor has not released an advisory.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is a remote HTTP request to admin/manage_category.php, likely requiring administrative authentication. The impact scope appears to be limited to the database accessed by that page, with potential to compromise all stored data if an attacker gains access.

Generated by OpenCVE AI on March 30, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or upgrade once available

Generated by OpenCVE AI on March 30, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin Category Management of Online Food Ordering System

Mon, 30 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 online Food Ordering System
CPEs cpe:2.3:a:oretnom23:online_food_ordering_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 online Food Ordering System

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Food Ordering System
Vendors & Products Sourcecodester
Sourcecodester online Food Ordering System

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin Manage Category for Online Food Ordering System

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin Manage Category for Online Food Ordering System
Weaknesses CWE-89

Fri, 27 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.
References

Subscriptions

Oretnom23 Online Food Ordering System
Sourcecodester Online Food Ordering System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-27T20:09:18.865Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30534

cve-icon Vulnrichment

Updated: 2026-03-27T20:08:51.205Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T16:16:24.030

Modified: 2026-03-30T18:16:59.467

Link: CVE-2026-30534

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:57:15Z

Weaknesses