CVE-2026-30533 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 30, 2026
SourceCodester Online Food Ordering System - SQL Injection
Published: March 27, 2026Updated: March 30, 2026Remote Exploitable
Overview
SourceCodester Online Food Ordering System v1.0 contains a sql injection caused by improper sanitization of the "id" parameter in admin/manage_product.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.
Mitigation
Update to the latest version or apply patches that sanitize the "id" parameter.
Related Resources
Details
- CVE ID
- CVE-2026-30533
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- sql_injection
- Status
- unconfirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H