CVE-2026-4900

MEDIUM

code-projects Online Food Ordering System localhost.sql privilege escalation

Title source: cna

Description

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.

References (5)

[Vdb Entry] https://vuldb.com/?id.353642

[Signature, Permissions Required] https://vuldb.com/?ctiid.353642

[Third Party Advisory] https://vuldb.com/?submit.776980

[Exploit] https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Online%20Food%20Ordering%20System%20in%20PHP%201.0%20%E2%80%93%20Sensitive%20Information%20Disclosure.md

View Exploit ZIP pw:eip

[Product] https://code-projects.org/

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-425 CWE-552

Status published

Products (1)

code-projects/Online Food Ordering System 1.0

Published Mar 26, 2026

Tracked Since Mar 27, 2026