EUVD-2026-16959
GHSA-2m22-876p-4x3q
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Analysis
SQL injection in code-projects Simple Food Order System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Status parameter in all-orders.php. The vulnerability has a publicly available exploit and requires no authentication or user interaction (CVSS 7.3, AV:N/AC:L/PR:N). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Simple Food Order System 1.0 and isolate affected instances from production networks if possible, or restrict network access to trusted IPs only. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the Status parameter of all-orders.php, and enable database activity monitoring. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today