CVE-2026-4844

HIGH

code-projects Online Food Ordering System Admin Login admin.php sql injection

Title source: cna

Description

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/?id.353149

[Signature, Permissions Required] https://vuldb.com/?ctiid.353149

[Third Party Advisory] https://vuldb.com/?submit.776137

[Exploit] https://gist.github.com/HxH404/8e5bd42c0f968a92a23edc5e7b879955

[Product] https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

code-projects/Online Food Ordering System 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026