LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-26712

CVE-2026-26712 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

code-projects Simple Food Order System - SQL Injection

Published: March 2, 2026Updated: March 2, 2026PoC AvailableRemote Exploitable

Overview

code-projects Simple Food Order System v1.0 contains a sql injection caused by unsanitized input in /food/view-ticket-admin.php, letting attackers execute arbitrary SQL commands remotely, exploit requires no special privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.

Mitigation

Update to the latest version or apply patches that sanitize SQL inputs.

References

Related Resources

Details

CVE ID
CVE-2026-26712
Severity
Critical
CVSS Score
9.8
Type
sql_injection
Status
confirmed

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H