Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Simple Food Order System 1.0 Exposed to Remote SQL Injection Attacks
CVE-2026-5019
Summary
The Simple Food Order System 1.0 has a security flaw in its all-orders.php file that allows hackers to inject malicious code. This means an attacker can potentially access sensitive data or disrupt the system remotely. To protect your system, update to a secure version of the software or patch the vulnerability as soon as possible.
Original title
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Para...
Original description
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 29 Mar 2026 · Updated: 29 Mar 2026 · First seen: 29 Mar 2026