CVE-2026-4900
Directory Access Vulnerability in Online Food Ordering System
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | online_food_ordering_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the code-projects Online Food Ordering System version 1.0, specifically affecting an unknown part of the file /dbfood/localhost.sql. It allows an attacker to manipulate the system in a way that makes files or directories accessible that should not be. The attack can be performed remotely, and the exploit code has been publicly released.
It is recommended to modify the configuration settings to mitigate this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
It is advisable to modify the configuration settings of the affected Online Food Ordering System to mitigate this vulnerability.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to files or directories on the affected system. Since the attack can be initiated remotely without authentication, it could expose sensitive data or system information to attackers.
The CVSS v3.1 score of 5.3 indicates a medium severity impact, with confidentiality being affected but no impact on integrity or availability.