CVE-2026-5811

MEDIUM

SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

Title source: cna
STIX 2.1

Description

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-356259 | SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error
https://vuldb.com/vuln/356259
Signature, Permissions Required signature permissions-required
VDB-356259 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/356259/cti
Third Party Advisory third-party-advisory
Submit #787678 | SourceCodester Online Food Ordering System 1.0 Business Logic Errors
https://vuldb.com/submit/787678

Scores

CVSS v3 5.4
EPSS 0.0025
EPSS Percentile 15.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-840
Status published
Products (1)
SourceCodester/Online Food Ordering System 1.0
Published Apr 08, 2026
Tracked Since Apr 09, 2026