high advisory

code-projects Simple Food Order System SQL Injection Vulnerability (CVE-2026-5017)

CVE-2026-5017 is a SQL injection vulnerability in code-projects Simple Food Order System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'Status' parameter in the `/all-tickets.php` file.

A SQL injection vulnerability, identified as CVE-2026-5017, affects code-projects Simple Food Order System version 1.0. This vulnerability resides within the /all-tickets.php file, specifically in how the application handles the ‘Status’ parameter. A remote attacker can exploit this flaw by crafting malicious SQL queries via the ‘Status’ argument, potentially leading to unauthorized data access, modification, or complete system compromise. The vulnerability has been publicly disclosed…

Detection coverage 2

Detect SQL Injection Attempt in Simple Food Order System

high

Detects potential SQL injection attempts targeting the /all-tickets.php endpoint by monitoring for suspicious keywords in the query string.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver, linux
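The first rule's approach (suspicious keywords in the query string of `/all-tickets.php`), sketched as an added Python example; it is not the platform's Sigma rule and not code from the advisory. It assumes combined-format access logs; the indicator list, function names and sample log lines are constructed for illustration, and POST bodies are out of scope because access logs typically do not record them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/all-tickets.php"   # path named in the advisory
PARAM = "status"                # 'Status' parameter, compared case-insensitively

# Assumption: Apache/nginx "combined" access log layout.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: illustrative indicator list, not the platform's Sigma rule.
SQLI_RE = re.compile(
    r"'|\"|--|/\*|;|\b(?:union|select|sleep|benchmark|information_schema)\b"
    r"|\b(?:or|and)\b\s+\S+\s*=",
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Undo repeated URL encoding so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client_ip, decoded Status value) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != ENDPOINT:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if name.lower() == PARAM and SQLI_RE.search(value):
            return m.group("ip"), value
    return None

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /all-tickets.php?Status=open HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /all-tickets.php?Status=open%27+OR+1%3D1--+ HTTP/1.1" 200 9130 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /all-tickets.php?Status=x%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:12 +0000] "GET /index.php?q=select+a+meal HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def scan(lines):
    return [hit for hit in map(scan_line, lines) if hit]
```

`scan(SAMPLE_LOG)` flags the second and third lines only; the third is caught because the value is decoded repeatedly before matching.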

Detect SQL Injection Attempt via POST Request

high

Detects potential SQL injection attempts via POST request parameters.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver, linux
