LeakyCreds

CVE-2026-26710 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: March 3, 2026

code-projects Simple Food Order System - SQL Injection

Published: March 2, 2026 | Updated: March 3, 2026 | PoC Available | Remote Exploitable

Overview

code-projects Simple Food Order System v1.0 contains a SQL injection vulnerability caused by unsanitized input in /food/routers/edit-orders.php, which lets attackers execute arbitrary SQL commands. Exploitation requires a crafted request.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 2.9% (probability of exploitation in the next 30 days)

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.

Mitigation

Update to the latest version or apply patches that sanitize inputs in /food/routers/edit-orders.php.

Social Media Activity (1 post)

Yazoul Alerts
@Matchbook3469
Mar 3, 2026

⛔ New security advisory: CVE-2026-26710 affects Carmelo Simple Food Order System. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://yazoul.net/advisory/cve/cve-2026-26710 #Cybersecurity #SecurityPatching #HackerNews

Details

CVE ID: CVE-2026-26710
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: modified
EPSS: 2.9%
Social Posts: 1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.9% (probability of exploitation in the next 30 days)