Description
A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Problem types
Product status
Timeline
| 2026-07-08: | Advisory disclosed |
| 2026-07-08: | VulDB entry created |
| 2026-07-08: | VulDB entry last update |
Credits
zhaoyihao (VulDB User)
References
vuldb.com/vuln/376951 (VDB-376951 | code-projects Online Food Order System edit_food_items.php sql injection)
vuldb.com/vuln/376951/cti (VDB-376951 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-15135 (CVE-2026-15135 | CVE Analysis and Report)
vuldb.com/submit/851065 (Submit #851065 | code-projects Online Food Order System V1.0 SQL Injection)
github.com/susususua-AI/CVE/issues/1
code-projects.org/