PT-2026-28205 · Code Projects · Online Food Ordering System

Abhiram T

Published

2026-03-26

Updated

2026-03-26

CVE-2026-4841

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions code-projects Online Food Ordering System version 1.0

Description A flaw exists in the Shopping Cart Module of code-projects Online Food Ordering System version 1.0. The issue is located in the file form/cart.php. A manipulation of the del argument can lead to SQL injection. This attack can be carried out remotely. The exploit is publicly available.

Recommendations Apply any available updates or patches for code-projects Online Food Ordering System version 1.0. As a temporary workaround, restrict or disable the use of the del argument in the form/cart.php file.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-4841

Affected Products

Online Food Ordering System

PT-2026-28205 · Code Projects · Online Food Ordering System

CVE-2026-4841

Weakness Enumeration

Related Identifiers

Affected Products

References · 7