PT-2026-28205 · Code Projects · Online Food Ordering System

Abhiram T

Publicado

2026-03-26

Atualizado

2026-03-26

CVE-2026-4841

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions code-projects Online Food Ordering System version 1.0

Description A flaw exists in the Shopping Cart Module of code-projects Online Food Ordering System version 1.0. The issue is located in the file form/cart.php. A manipulation of the del argument can lead to SQL injection. This attack can be carried out remotely. The exploit is publicly available.

Recommendations Apply any available updates or patches for code-projects Online Food Ordering System version 1.0. As a temporary workaround, restrict or disable the use of the del argument in the form/cart.php file.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4841

Produtos afetados

Online Food Ordering System

PT-2026-28205 · Code Projects · Online Food Ordering System

CVE-2026-4841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7