CVE-2026-30531

Authenticated SQL Injection in SourceCodester Online Food Ordering System v1.0 Allows Arbitrary SQL Execution

Description

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands.

INFO

Published Date :

2026-03-27T00:00:00.000Z

Last Modified :

2026-03-27T20:04:55.643Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30531 vulnerability.

Vendors	Products
Oretnom23	Online Food Ordering System
Sourcecodester	Online Food Ordering System

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30531.

URL	Resource
https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCategory-name.md

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact