cvedb.io
CVE-2026-30529
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-03-27T16:16:23.447 · Last modified 2026-06-17T10:32:44.860

Summary

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands.

Affected products

oretnom23 — online_food_ordering_system

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.