CVE-2026-4470

MEDIUM

itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection

Title source: cna

Description

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-351760 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection

https://vuldb.com/?id.351760

Signature, Permissions Required signature permissions-required

VDB-351760 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.351760

Third Party Advisory third-party-advisory

Submit #772882 | itsourcecode Online Frozen Foods Ordering System V1.0 SQL injection

https://vuldb.com/?submit.772882

Exploit exploit issue-tracking

https://github.com/sjkdhl/public/issues/3

Product product

https://itsourcecode.com/

Scores

CVSS v3 4.7

EPSS 0.0033

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (2)

adonesevangelista/online_frozen_foods_ordering_system 1.0

itsourcecode/Online Frozen Foods Ordering System 1.0

Published Mar 20, 2026

Tracked Since Mar 20, 2026