Description
A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-05-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw has been discovered in CodeAstro Online Catering Ordering System 1.0 that allows a remote attacker to manipulate the ID parameter in the deleteorder.php script. The manipulation leads to SQL injection, enabling the attacker to read, modify, or delete data within the underlying database. The vulnerability is exploitable over the network, and the exploit has already been disclosed publicly, so it may be used by attackers.

Affected Systems

CodeAstro Online Catering Ordering System version 1.0. The weakness exists in the deleteorder.php component, which processes the ID argument without proper validation or parameterization.

Risk and Exploitability

The CVSS score of 5.3 classifies this as medium severity. EPSS information is unavailable, and the vulnerability is not included in the CISA KEV catalog. Based on the description, the attack vector is likely remote via HTTP/S, requiring the ability to send crafted requests to the affected endpoint; the CVSS vectors listed for this CVE also specify low privileges required (PR:L). While the direct impact is limited to database manipulation, the potential to alter critical ordering or financial information could compromise business operations.

Generated by OpenCVE AI on May 10, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for CodeAstro Online Catering Ordering System version 1.0.
  • If no patch exists, contact the vendor to request a fix and apply any interim changes.
  • Modify deleteorder.php to validate the ID input and use parameterized queries to eliminate injection possibilities.
  • Restrict the database user privileges to the minimum required for the application.
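
With no vendor fix available, one interim check is to review web-server access logs for requests to /deleteorder.php whose ID value is not a plain integer. The script below is an added example, not code from OpenCVE or CodeAstro; it assumes the combined log format, that ID is a numeric order identifier sent in the query string, and it runs on constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/May/2026:07:01:12 +0000] "GET /deleteorder.php?ID=42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2026:07:02:40 +0000] "GET /deleteorder.php?ID=42%27 HTTP/1.1" 500 0 "-" "curl/8.5.0"
203.0.113.25 - - [10/May/2026:07:03:05 +0000] "GET /catering/deleteorder.php?id=7%20OR%201%3D1 HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.25 - - [10/May/2026:07:03:09 +0000] "GET /menu.php?ID=abc HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [10/May/2026:07:04:00 +0000] "POST /deleteorder.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, method, request target and status from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "/deleteorder.php"             # file named in the CVE description
PARAM = "id"                              # compared case-insensitively
NUMERIC_ID = re.compile(r"[0-9]{1,10}")   # assumption: IDs are small integers


def suspicious_requests(log_text):
    """Return (client, status, decoded ID) for non-numeric ID values."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes, so encoded quotes and spaces are seen
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == PARAM and not NUMERIC_ID.fullmatch(value):
                findings.append((client, int(status), value))
    return findings


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} ID={value!r}")
```

Access logs normally do not record POST bodies, so an ID sent in a request body is not covered by this check and needs application-level or WAF logging.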

Advisories

No advisories yet.

History

Sun, 10 May 2026 06:00:00 +0000

Values added (the Values Removed column is empty):

  • Description: A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
  • Title: CodeAstro Online Catering Ordering System deleteorder.php sql injection
  • Weaknesses: CWE-74, CWE-89
  • References
  • Metrics:
      cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T05:00:14.951Z

Reserved: 2026-05-09T07:57:50.782Z

Link: CVE-2026-8231

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T06:16:08.597

Modified: 2026-05-10T06:16:08.597

Link: CVE-2026-8231

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T08:00:08Z
