Order Module in Online Food Ordering System 1.0 Allows Remote Code Injection

CVE-2026-5157
Summary

An attacker can inject malicious code into the Order Module (/form/order.php) of Online Food Ordering System 1.0 by manipulating the customer ID argument, cust_id. The issue is classified as cross-site scripting and can be triggered remotely. This could potentially allow the attacker to access sensitive information or take control of the system. Update to the latest version of the system to fix this issue.

Original title
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the ...
Original description
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used.
nvd CVSS2.0 5.0
nvd CVSS3.1 4.3
nvd CVSS4.0 5.3
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
CWE-94 Code Injection
Published: 31 Mar 2026 · Updated: 31 Mar 2026 · First seen: 31 Mar 2026