SourceCodester Online Catering Reservation SQL Injection Vulnerability (CVE-2026-4615)
A SQL injection vulnerability exists in SourceCodester Online Catering Reservation 1.0's `/search.php` file, allowing remote attackers to execute arbitrary SQL commands by manipulating the `rcode` argument.
SourceCodester Online Catering Reservation 1.0 is vulnerable to SQL injection, as identified by CVE-2026-4615. The vulnerability resides within the /search.php file and can be triggered by manipulating the rcode argument. This allows a remote attacker to inject arbitrary SQL queries into the application’s database, potentially leading to data breaches, modification of data, or complete compromise of the database server. The vulnerability was reported on March 23, 2026, and a public exploit…
Detection coverage: 2 rules
Detect SQL Injection Attempts in Online Catering Reservation
Severity: high. Detects potential SQL injection attempts targeting the /search.php endpoint by looking for SQL keywords in the rcode parameter.
Detect potential SQL Injection via rcode Parameter
Severity: medium. Detects potential SQL injection attacks targeting the rcode parameter using common SQL syntax.
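As an added illustration of the two detections described above (this is not the platform's rule content, which the page does not show), the following Python example scans web access log lines for SQL keywords or SQL syntax in the rcode parameter of /search.php. It assumes rcode arrives in the query string and is recorded in combined log format; the patterns, function names and sample log lines are constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# "high": SQL keywords in rcode. Illustrative patterns, not the platform's rules.
KEYWORDS = re.compile(
    r"\bunion\s+(all\s+)?select\b|\bselect\b.+\bfrom\b|\b(sleep|benchmark)\s*\("
    r"|information_schema|\b(or|and)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)
# "medium": common SQL syntax (quotes, comment markers, statement separator).
SYNTAX = re.compile(r"['\"`;]|--|/\*|#")

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:01 +0000] "GET /search.php?rcode=RC-20418 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /search.php?rcode=1%27%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /search.php?rcode=RC-1%2527 HTTP/1.1" 200 498',
    '192.0.2.33 - - [01/Jan/2026:10:00:12 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 2048',
]

def rcode_values(target):
    """Return decoded rcode values when the request targets /search.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/search.php"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("rcode", [])
    # parse_qs decodes once; decode again to catch double encoding (%2527 -> ').
    return [unquote_plus(v) for v in values]

def classify(line):
    """Return 'high', 'medium' or None for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    severity = None
    for value in rcode_values(match.group("target")):
        if KEYWORDS.search(value):
            return "high"
        if SYNTAX.search(value):
            severity = "medium"
    return severity

def scan(lines):
    """Return (line_number, severity) for every line that matches."""
    return [(n, sev) for n, line in enumerate(lines, 1) if (sev := classify(line))]

if __name__ == "__main__":
    for n, sev in scan(SAMPLE_LOG):
        print(f"line {n}: {sev} severity match on rcode")
```

Requests that carry rcode in a POST body are not visible in standard access logs, so that case needs request-body logging or a WAF/proxy data source instead.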
Indicators of compromise: 5 (url)