CVE-2026-5811

SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

CVSS 5.3 MEDIUMEPSS 0.2%CWE-840

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

SourceCodester · Online Food Ordering System

PoCs públicas encontradas — 1

cve_referencegithub.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.mdno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.md https://vuldb.com/submit/787678 https://vuldb.com/vuln/356259 https://vuldb.com/vuln/356259/cti https://www.sourcecodester.com/