CVE-2026-30531
SQL Injection in SourceCodester Online Food Ordering save_category
Publication date: 2026-03-27
Last updated on: 2026-03-30
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oretnom23 | online_food_ordering_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30531 is a SQL Injection vulnerability found in the Online Food Ordering System version 1.0, specifically in the Actions.php file within the save_category action.
The vulnerability occurs because the application does not properly sanitize the user input supplied to the "name" parameter. This allows an authenticated attacker, such as an administrator, to inject malicious SQL commands into the backend SQLite database.
Exploitation techniques include Boolean-based blind SQL injection and time-based SQL injection, which can be used to enumerate database structures and extract sensitive data.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to exfiltrate sensitive data from the backend database, including user credentials and configuration settings.
Attackers can also enumerate the database schema, gaining knowledge of tables and columns, which can facilitate further attacks or data breaches.
Since the attacker must be authenticated, the impact is particularly severe if an administrator account is compromised or misused.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by targeting the `name` parameter in the POST request to the `Actions.php` file with the `save_category` action. An authenticated user, such as an administrator, can use SQL injection testing tools like sqlmap to verify the presence of the flaw.
A suggested command to detect the vulnerability is using sqlmap with appropriate headers and cookies to maintain session context. For example, sqlmap can be run against the URL endpoint `Actions.php?a=save_category` targeting the `name` parameter in the POST data.
- Use sqlmap to test the `name` parameter for SQL injection by sending POST requests to `Actions.php?a=save_category`.
- Ensure to include authentication cookies and headers in the sqlmap command to simulate an authenticated administrator session.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the SQL Injection vulnerability in the Online Food Ordering System v1.0, immediate steps include restricting access to the affected functionality to trusted and authenticated users only.
Additionally, it is important to apply proper input validation and sanitization on the 'name' parameter in the save_category action within Actions.php to prevent malicious SQL commands from being executed.
If possible, update or patch the application to a version where this vulnerability is fixed.
As a temporary measure, monitoring and logging suspicious activities related to the save_category action can help detect exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL Injection vulnerability in the Online Food Ordering System allows attackers to exfiltrate sensitive data such as user credentials and configuration settings by exploiting the unsanitized "name" parameter. This unauthorized access and potential data breach could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and disclosure.
Specifically, the ability to extract sensitive user data through SQL injection compromises the confidentiality and integrity of stored information, which are core requirements under these standards. Organizations using this vulnerable system may face legal and regulatory consequences if such data breaches occur.