CVE-2026-30534 - Vulnerability Analysis
HighCVSS: 8.3Last Updated: March 27, 2026
SourceCodester Online Food Ordering System - SQL Injection
Published: March 27, 2026Updated: March 27, 2026Remote Exploitable
Overview
SourceCodester Online Food Ordering System v1.0 contains a sql injection caused by unsanitized "id" parameter in admin/manage_category.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted request.
Severity & Score
Severity: High
CVSS Score: 8.3
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.
Mitigation
Update to the latest version or apply patches that sanitize the "id" parameter.
Related Resources
Details
- CVE ID
- CVE-2026-30534
- Severity
- High
- CVSS Score
- 8.3
- Type
- sql_injection
- Status
- new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L