Description
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Change Configuration
AI Analysis

Impact

This vulnerability arises from an unknown functionality in the Database Backup Handler component of code-projects Simple Food Ordering System versions up to 1.0. By manipulating the /food/sql/food.sql resource, an attacker can access files or directories that should be restricted, enabling the retrieval of a database backup that may contain sensitive data. The resulting breach can expose user information, transactional records, or other confidential content, thereby compromising confidentiality and potentially integrity if data is altered.

Affected Systems

The affected product is code-projects Simple Food Ordering System, version 1.0. The CPE 'carmelo:simple_food_order_system:1.0' indicates that any deployment of this open‑source application running that version is vulnerable. The flaw is present in the Database Backup Handler component of the application.

Risk and Exploitability

The CVSS score of 6.9 signifies moderate severity. The EPSS score of less than 1% suggests a low current exploitation probability, and the vulnerability is not listed in CISA's KEV catalog. Nevertheless, the attack can be performed remotely, meaning an adversary only needs network access to the web server. The potential impact of exposing a database backup makes the risk significant for systems that store sensitive user or business data.

Generated by OpenCVE AI on April 10, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Adjust the application configuration to prevent direct access to the /food/sql/food.sql file, ensuring that backup files are not served by the web server.
  • Move backup locations outside the web root or secure them behind authentication and proper file permissions.
  • Apply any available patches or updates from the vendor; if the latest version is 1.0, verify no newer release exists.
  • Conduct a review of other exposed files or directories to ensure no similar weaknesses remain.
  • Monitor web server logs for unauthorized access attempts to backup files.

Generated by OpenCVE AI on April 10, 2026 at 02:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo simple Food Order System
CPEs cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo simple Food Order System

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Food Ordering System
Vendors & Products Code-projects
Code-projects simple Food Ordering System

Sun, 22 Mar 2026 01:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
Title code-projects Simple Food Ordering System Database Backup food.sql file access
Weaknesses CWE-425
CWE-552
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Carmelo Simple Food Order System
Code-projects Simple Food Ordering System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-23T16:39:58.679Z

Reserved: 2026-03-21T07:56:26.558Z

Link: CVE-2026-4532

cve-icon Vulnrichment

Updated: 2026-03-23T16:22:56.631Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T02:16:00.640

Modified: 2026-04-10T01:16:58.983

Link: CVE-2026-4532

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:46:22Z

Weaknesses