CVE-2026-30532 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 27, 2026
SourceCodester Online Food Ordering System - SQL Injection
Published: March 27, 2026Updated: March 27, 2026Remote Exploitable
Overview
SourceCodester Online Food Ordering System v1.0 contains a sql injection caused by improper sanitization of the "id" parameter in admin/view_product.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.
Mitigation
Update to the latest version or apply patches that sanitize the "id" parameter properly.
Related Resources
Details
- CVE ID
- CVE-2026-30532
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- sql_injection
- Status
- new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H