SQL Injection Vulnerability in Simple Food Order System by Code-Projects
CVE-2026-26713

9.8CRITICAL

Key Information:

Vendor: Code-Projects
Status: Simple Food Order System
Vendor: CVE Published:; 2 March 2026

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2026-26713?

The Simple Food Order System version 1.0 developed by Code-Projects contains a security flaw that allows an attacker to execute arbitrary SQL queries through the cancel-order functionality. This vulnerability exposes sensitive data and could allow unauthorized actions to be performed on the database. Proper input sanitization and parameterized queries are essential to mitigate this risk.

References

https://github.com/Thirtypenny77/bug_report/blob/main/cod...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2026
Vulnerability Reserved
Feb 16, 2026

CVE-2026-26713 Data

JSON