PT-2026-31549 · Sourcecodester · Sourcecodester Online Food Ordering System
Fukun · Published 2026-04-08 · Updated 2026-04-09 · CVE-2026-5811
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Food Ordering System version 1.0
Description
A vulnerability exists in the function save product of the file /Actions.php within the POST Parameter Handler component. Manipulation of the price argument can lead to business logic errors. The attack can be performed remotely, and an exploit is publicly available.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /Actions.php file or disabling the save product function until a patch is available.