CVE-2025-4936

Name of the Vulnerable Software and Affected Versions: projectworlds Online Food Ordering System version 1.0 Apache Struts versions 2.5.26 and earlier

Description: A critical issue has been found, allowing for remote exploitation. In the case of projectworlds Online Food Ordering System, an unknown function of the file /admin-page.php is affected, where the manipulation of the 1 price argument leads to SQL injection. For Apache Struts, the issue allows for the remote execution of arbitrary code.

Recommendations: For projectworlds Online Food Ordering System version 1.0, consider restricting access to the /admin-page.php file until a patch is available. For Apache Struts versions 2.5.26 and earlier, update to a version later than 2.5.26 to resolve the issue. As a temporary workaround, consider disabling remote access to affected systems until the update can be applied.