EUVD-2026-20788
GHSA-g2vp-wffw-c4mw
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.
Analysis
SourceCodester Online Food Ordering System 1.0 allows authenticated remote attackers to manipulate product pricing through the save_product function in Actions.php, leading to business logic errors including potential negative or arbitrary price values. The vulnerability affects the POST parameter handler and carries a CVSS score of 5.3 with publicly available exploit code; while not in CISA's KEV catalog, the public exploit availability and disclosure via vuldb indicate real-world exposure.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today