Skip to main content

Simple Food Ordering System CVE-2026-4532

| EUVD-2026-14266 MEDIUM
Files or Directories Accessible to External Parties (CWE-552)
2026-03-22 VulDB GHSA-mcqg-vw6x-qfjx
Path Traversal Information Disclosure Simple Food Ordering System
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 10, 2026 - 01:16 vuln.today
Public exploit code
EUVD ID Assigned
Mar 22, 2026 - 01:45 euvd
EUVD-2026-14266
Analysis Generated
Mar 22, 2026 - 01:45 vuln.today
CVE Published
Mar 22, 2026 - 01:32 nvd
MEDIUM 5.5

DescriptionCVE.org

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.

AnalysisAI

The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment Despite a CVSS score of 5.3 (Medium), this vulnerability presents moderate real-world risk with several aggravating factors. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker performs a simple unauthenticated HTTP GET request to the predictable path /food/sql/food.sql on a vulnerable Simple Food Ordering System instance, directly downloading the unencrypted SQL database backup file. The attacker then parses the SQL dump to extract sensitive data including user credentials, customer personal information, payment records, or business logic stored in the database. …
Remediation The primary remediation is to upgrade code-projects Simple Food Ordering System to a patched version released after version 1.0 once available. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems running code-projects Simple Food Ordering System and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4532 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy