LeakyCreds

CVE-2026-30530 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: March 27, 2026

SourceCodester Online Food Ordering System - SQL Injection

Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable

Overview

SourceCodester Online Food Ordering System v1.0 contains a SQL injection vulnerability caused by improper sanitization of the "username" parameter in the save_customer action of Actions.php. It lets attackers execute arbitrary SQL commands remotely; exploitation requires crafted input.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or full database compromise.

Mitigation

Update to the latest version with proper input sanitization or apply patches to fix SQL injection in Actions.php.
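
Where no patched release is available, the fix in Actions.php comes down to binding "username" as a query parameter instead of placing it in the SQL text. The sketch below is an added example, not the project's code: the customer_list table, its columns, the function body and the use of PDO with an in-memory SQLite database (pdo_sqlite extension) are all assumptions made for illustration.

```php
<?php
// Added example: schema, function body and the PDO/SQLite driver are
// assumptions, not taken from the project's Actions.php.
declare(strict_types=1);

function save_customer(PDO $db, array $post): array
{
    $username = trim((string)($post['username'] ?? ''));
    $fullname = trim((string)($post['fullname'] ?? ''));
    $password = (string)($post['password'] ?? '');

    // Shape check narrows the input, but it is not the injection fix.
    if (!preg_match('/^[A-Za-z0-9_.\'-]{3,32}$/', $username)) {
        return ['status' => 'failed', 'msg' => 'Invalid username.'];
    }

    // CWE-89 arises when $username is concatenated into the SQL string.
    // The fix: the SQL text is constant and values travel as bound parameters.
    $check = $db->prepare('SELECT COUNT(*) FROM customer_list WHERE username = :u');
    $check->execute([':u' => $username]);
    if ((int)$check->fetchColumn() > 0) {
        return ['status' => 'failed', 'msg' => 'Username already exists.'];
    }

    $ins = $db->prepare(
        'INSERT INTO customer_list (fullname, username, password) VALUES (:f, :u, :p)'
    );
    $ins->execute([
        ':f' => $fullname,
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT),
    ]);
    return ['status' => 'success'];
}

// Constructed demo: in-memory database and sample input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer_list (
    customer_id INTEGER PRIMARY KEY, fullname TEXT, username TEXT UNIQUE, password TEXT)');

// The apostrophe in the username is stored as data, never parsed as SQL.
$sample = ['fullname' => "Pat O'Neil", 'username' => "pat.o'neil", 'password' => 'constructed-pw'];
var_dump(save_customer($db, $sample));   // first call takes the insert path
var_dump(save_customer($db, $sample));   // second call takes the duplicate-check path
```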

Details

CVE ID: CVE-2026-30530
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: new

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H