PT-2025-53681 · Itsourcecode · Online Cake Ordering System

Laney · Published 2025-12-29 · Updated 2026-01-02 · CVE-2025-15166

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Cake Ordering System version 1.0

Description: A SQL injection issue exists in itsourcecode Online Cake Ordering System version 1.0. The issue is located in an unknown function within the /updatesupplier.php?action=edit file. Manipulation of the ID argument can lead to SQL injection. The attack can be initiated remotely. The exploit for this issue has been publicly released.

Recommendations: Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /updatesupplier.php?action=edit file until a patch is available. Avoid using the ID parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-15166

Affected Products: Online Cake Ordering System