CVE-2026-30529 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 27, 2026
SourceCodester Online Food Ordering System - SQL Injection
Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable
Overview
SourceCodester Online Food Ordering System v1.0 contains a SQL injection vulnerability caused by improper sanitization of the "username" parameter in the save_user action of Actions.php, which lets authenticated attackers execute arbitrary SQL commands.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.
Mitigation
Update to the latest version or apply patches that sanitize user input properly.
Details
- CVE ID: CVE-2026-30529
- Severity: High
- CVSS Score: 8.8
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H