Vulnerabilities

CVE-2026-30529

by Fred · 27/03/2026

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the “username” parameter. This allows an authenticated attacker to inject malicious SQL commands.

More information : https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveUser-username.md

Similar

Tags: Cybersecurity Alert