CVE-2026-30530

SQL Injection in Online Food Ordering System Allowing Unauthorized Database Access

Description

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands.

INFO

Published Date :

2026-03-27T00:00:00.000Z

Last Modified :

2026-03-27T19:57:58.182Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30530 vulnerability.

Vendors	Products
Oretnom23	Online Food Ordering System
Sourcecodester	Online Food Ordering System

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30530.

URL	Resource
https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCustomer-username.md

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact