CVE-2026-5017

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Mar 28, 2026

Vendor unknown

Description

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

References

https://code-projects.org/
https://github.com/6Justdododo6/CVE/issues/15
https://vuldb.com/submit/779331
https://vuldb.com/vuln/353902
https://vuldb.com/vuln/353902/cti