SQL Injection Vulnerability in Code-Projects Online Food Order System
CVE-2026-15135
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 8 July 2026
Badges
What is CVE-2026-15135?
A security vulnerability has been identified in the Online Food Order System by Code-Projects, specifically in the edit_food_items.php file. This flaw allows for SQL injection through manipulated inputs in the 'update' argument. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized data access and manipulation. The exploit has already been made public, raising concerns for users of affected versions. Immediate action is recommended to mitigate risks.
Affected Version(s)
Online Food Order System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
