EUVD-2026-16110
GHSA-59w9-v569-xqc3
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
SQL injection in code-projects Online Food Ordering System 1.0's Shopping Cart Module (cart.php) allows unauthenticated remote attackers to manipulate the del parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Take the affected Shopping Cart Module offline or disable the 'del' parameter functionality; notify all affected customers and stakeholders. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious SQL injection patterns targeting cart.php; conduct database audit for unauthorized access or modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today