SQL Injection Vulnerability in Campcodes Online Food Ordering System
CVE-2025-4491
Summary
A vulnerability has been discovered in the Campcodes Online Food Ordering System version 1.0, specifically in the /routers/ticket-status.php file. Attackers can exploit this vulnerability by manipulating the ticket_id argument, leading to SQL injection. This allows unauthorized access to the database and the potential for data manipulation. The exploit is accessible remotely, raising concerns for users of this online food ordering platform. As this issue is publicly disclosed, prompt action is advised to secure systems against potential attacks.
Affected Version(s)
Online Food Ordering System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved