{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30532", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T20:17:27.795Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T15:18:53.950Z"}, "descriptions": [{"lang": "en", "value": "A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the \"id\" parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-ViewProduct-id.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T20:16:14.641080Z", "id": "CVE-2026-30532", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:17:27.795Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30532", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T20:16:14.641080Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:16:44.815Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-ViewProduct-id.md"}], "descriptions": [{"lang": "en", "value": "A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the \"id\" parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T15:18:53.950Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30532", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:17:27.795Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:online_food_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0FAA9C4A-10ED-4AA4-8295-F4324DD2F879", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the \"id\" parameter."}], "id": "CVE-2026-30532", "lastModified": "2026-03-30T18:17:55.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-27T16:16:23.803", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-ViewProduct-id.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_food_ordering_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-03-28T05:20:12.308570+00:00", "value": {"mitigation_remediation": ["Apply any available patch for SourceCodester Online Food Ordering System version\u202f1.0.", "Implement input validation or parameterized queries for the 'id' parameter in admin/view_product.php.", "Restrict access to the admin directory to trusted IP addresses or authenticated users only."], "summary": {"action": "Apply Patch", "impact": "Remote Data Tampering and Disclosure via SQL Injection"}, "threat_synthesis": {"affected_systems": "The weakness affects installations of SourceCodester Online Food Ordering System version\u202f1.0 that use the provided admin/view_product.php endpoint. No other vendors or product variants are listed in the CNA data, so any deployment of the default application remains vulnerable.", "description_and_impact": "A classic SQL Injection flaw resides in the admin/view_product.php file of SourceCodester Online Food Ordering System version\u202f1.0. The flaw stems from the unvalidated handling of the 'id' parameter, allowing attackers to inject arbitrary SQL statements. This can lead to the disclosure of sensitive data, alteration of database records, or removal of tables. The weakness corresponds to the classic CWE\u201189 scenario of unsanitized input in database queries.", "risk_and_exploitability": "The flaw carries a CVSS score of\u202f9.8, indicating critical severity. EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is a web request to the admin/view_product.php page with a crafted 'id' value, an inference drawn from the description that the vulnerability is present in an admin\u2011accessible script. An attacker who can reach the page\u2014either through an authenticated administrator session or, if the endpoint is publicly reachable, via an unauthenticated request\u2014can exercise the injection. Successful exploitation could compromise data confidentiality, integrity, and availability at the database level."}}}}, "created": "2026-03-27T20:29:00.822091+00:00", "updated": "2026-03-30T07:59:56.071521+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$online_food_ordering_system"]}