Description
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. The manipulation results in files or directories being accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

A path traversal flaw exists in the configuration file /dbfood/localhost.sql of the Online Food Ordering System. By manipulating the file path, an attacker can read an arbitrary file or directory that should normally be inaccessible. This disclosure permits the attacker to obtain sensitive configuration data or user credentials, and it potentially allows further exploitation of the system. The weakness aligns with information exposure and path traversal characteristics.

Affected Systems

The vulnerability affects the Online Food Ordering System 1.0, developed by code-projects. The flaw resides in an unspecified section of the localhost.sql file, and no other vendors or product versions are listed.

Risk and Exploitability

The severity score is 6.9 on the CVSS scale, indicating moderate risk, while the EPSS score is not available. It is not included in the CISA KEV catalog. The likely attack vector is remote, with an attacker able to send crafted web requests that trigger the traversal. Once exploited, the attacker can read arbitrary files, which could lead to privilege escalation or a broader compromise of the host. Publicly available exploit code has been referenced, increasing the realistic threat.

Generated by OpenCVE AI on March 26, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch for Online Food Ordering System 1.0.
  • Modify the application's configuration to disallow relative path traversal or enforce strict path validation for localhost.sql.
  • Restrict file permissions on localhost.sql and any directories containing sensitive files so the web server process cannot read them.
  • Monitor application logs for abnormal access attempts to the database configuration files.

Generated by OpenCVE AI on March 26, 2026 at 23:50 UTC.
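
The log-monitoring action above, as an added example (not OpenCVE's or the vendor's code): a Python scan of web-server access logs for direct requests to the SQL dump, separating requests the server answered with 2xx from those it refused. The combined log format, the constructed sample lines and the function name find_dump_requests are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Mar/2026:22:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Mar/2026:22:01:12 +0000] "GET /dbfood/localhost.sql HTTP/1.1" 200 48211 "-" "curl/8.5.0"
198.51.100.23 - - [26/Mar/2026:22:03:40 +0000] "GET /dbfood/LOCALHOST.SQL?x=1 HTTP/1.1" 403 199 "-" "curl/8.5.0"
198.51.100.23 - - [26/Mar/2026:22:03:44 +0000] "HEAD /dbfood/localhost%2Esql HTTP/1.1" 200 0 "-" "python-requests/2.31"
192.0.2.15 - - [26/Mar/2026:22:05:02 +0000] "GET /menu.php?q=sql HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_dump_requests(log_text, dump_dir="/dbfood/", dump_ext=".sql"):
    """Return one finding per request whose decoded path targets a SQL dump."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        # Drop the query string, decode %XX escapes and fold case before matching,
        # so differently written forms of the same path are compared alike.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not (path.startswith(dump_dir) or path.endswith(dump_ext)):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"], "time": m["ts"], "path": path, "status": status,
            # A 2xx status means the web server was willing to serve the file.
            "exposed": 200 <= status < 300,
        })
    return findings

if __name__ == "__main__":
    for hit in find_dump_requests(SAMPLE_LOG):
        label = "EXPOSED" if hit["exposed"] else "blocked"
        print(f'{label:8} {hit["status"]} {hit["ip"]:15} {hit["time"]} {hit["path"]}')
```

Any finding marked exposed means the dump is still being served and its contents should be treated as disclosed; findings marked blocked confirm that an access restriction is in effect.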


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Code-projects; Code-projects online Food Ordering System

Type: Vendors & Products
Values Removed: (none)
Values Added: Code-projects; Code-projects online Food Ordering System

Thu, 26 Mar 2026 22:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. The manipulation results in files or directories being accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.

Type: Title
Values Removed: (none)
Values Added: code-projects Online Food Ordering System localhost.sql privilege escalation

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-425; CWE-552

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}
cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-26T21:56:46.312Z

Reserved: 2026-03-26T14:33:58.586Z

Link: CVE-2026-4900

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-26T22:16:32.153

Modified: 2026-03-26T22:16:32.153

Link: CVE-2026-4900

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:22:59Z

Weaknesses