Vulnerabilities

CVE-2026-30531

by Fred · 27/03/2026

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the “name” parameter. This allows an authenticated attacker to inject malicious SQL commands.

More information : https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCategory-name.md

Similar

Tags: Cybersecurity Alert