code-projects Online Food Ordering System SQL Injection Vulnerability (CVE-2026-4844)
CVE-2026-4844 describes a SQL injection vulnerability in the Admin Login Module of code-projects Online Food Ordering System 1.0, which can be exploited remotely by manipulating the Username argument in the /admin.php file.
A SQL injection vulnerability, identified as CVE-2026-4844, affects the code-projects Online Food Ordering System version 1.0. Specifically, the vulnerability resides within the Admin Login Module and is triggered by manipulating the Username argument when processing the /admin.php file. This allows a remote attacker to inject arbitrary SQL commands. Public exploits are available, increasing the risk of exploitation. Successful exploitation can lead to unauthorized access to the database…
Detection coverage 2
Detect SQL Injection in Online Food Ordering System Login
highDetects potential SQL injection attempts in the Username parameter of the /admin.php login page of code-projects Online Food Ordering System.
Detect Database Errors from Web Server
mediumDetects database error messages returned by the web server, which may indicate a successful SQL injection.
Detection queries are kept inside the platform. Get full rules →