CVE-2026-4841

HIGH

code-projects Online Food Ordering System Shopping Cart cart.php sql injection

Title source: cna

Description

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/?id.353147

[Signature, Permissions Required] https://vuldb.com/?ctiid.353147

[Third Party Advisory] https://vuldb.com/?submit.776130

[Exploit] https://gist.github.com/HxH404/ed090db972001ba535202fd4f5b6a0b5

[Product] https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

code-projects/Online Food Ordering System 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026