LeakyCreds

CVE-2026-30529 - Vulnerability Analysis

Severity: High | CVSS: 8.8

Last Updated: March 30, 2026

SourceCodester Online Food Ordering System - SQL Injection

Published: March 27, 2026 | Updated: March 30, 2026 | Remote Exploitable

Overview

SourceCodester Online Food Ordering System v1.0 contains a SQL injection vulnerability caused by improper sanitization of the "username" parameter in the save_user action of Actions.php, which lets authenticated attackers execute arbitrary SQL commands.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.1% (probability of exploitation in the next 30 days)

Impact

Authenticated attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version or apply patches that sanitize user input properly.

Social Media Activity (1 post)

Yazoul - Cybersecurity Alerts
@Matchbook3469
Mar 29, 2026

🟠 New security advisory: CVE-2026-30529 affects multiple systems. • Impact: Significant security breach potential • Risk: Unauthorized access or data exposure • Mitigation: Apply patches within 24-48 hours Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-30529-sourcecodester-food-ordering-system-sql-injection-update-now #Cybersecurity #SecurityPatching #HackerNews


Details

CVE ID: CVE-2026-30529
Severity: High
CVSS Score: 8.8
Type: sql_injection
Status: unconfirmed
EPSS: 1.1%
Social Posts: 1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.1% (probability of exploitation in the next 30 days)