CVE-2026-4839

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Mar 26, 2026

Vendor unknown

Description

A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References

https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_9.md
https://vuldb.com/?ctiid.353142
https://vuldb.com/?id.353142
https://vuldb.com/?submit.776082
https://www.sourcecodester.com/