← voltar
CVE-2026-5811

SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

CVSS 5.3 MEDIUMEPSS 0.2%CWE-840
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
SourceCodester · Online Food Ordering System
PoCs públicas encontradas1
cve_referencegithub.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.mdnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.mdhttps://vuldb.com/submit/787678https://vuldb.com/vuln/356259https://vuldb.com/vuln/356259/ctihttps://www.sourcecodester.com/