EUVD-2026-16085
GHSA-2w66-j4vc-q66r
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in SourceCodester Food Ordering System 1.0 via the custom parameter in /purchase.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately disable the /purchase.php endpoint or restrict access via network controls; audit logs for exploitation attempts; notify stakeholders of potential exposure. Within 7 days: Deploy WAF rules to block SQL injection patterns in the 'custom' parameter; conduct database audit for unauthorized access or modifications; implement network segmentation to isolate the affected system. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today