CVE-2026-4844

Name of the Vulnerable Software and Affected Versions code-projects Online Food Ordering System version 1.0

Description A security issue exists in code-projects Online Food Ordering System 1.0, specifically within the Admin Login Module. The issue involves SQL injection, triggered by manipulating the Username argument when processing the /admin.php file. This allows for remote exploitation. The exploit is publicly available.

Recommendations Apply any available updates or patches for version 1.0 to address the SQL injection issue in the Admin Login Module. As a temporary workaround, restrict access to the /admin.php file to minimize the risk of exploitation. Sanitize the Username input to prevent SQL injection attacks.