CVE-2026-14622 — Jairiidriss restaurant-website-php-mysql Authentication Bypass
A high-severity authentication bypass vulnerability (CVE-2026-14622) exists in the jairiidriss restaurant-website-php-mysql web application's AJAX Endpoint, specifically affecting the /admin/ajax_files component, allowing remote unauthenticated attackers to gain unauthorized access to sensitive functionalities, with public exploit code increasing immediate risk.
A high-severity authentication bypass vulnerability, tracked as CVE-2026-14622, has been discovered in the jairiidriss restaurant-website-php-mysql web application. This flaw impacts the /admin/ajax_files endpoint within the application's AJAX functionality, allowing remote attackers to circumvent authentication mechanisms. The vulnerability is present in versions up to commit 521428b5b612449df0cf4a5d15ee40cba67f3d35. Exploitation involves performing a specific "manipulation" that results in missing authentication, granting unauthorized access to functionalities that should be restricted. The exploit code for this vulnerability has been made public, significantly increasing the risk of widespread exploitation. Due to the product's rolling release strategy, specific version numbers for affected or patched releases cannot be provided, and the project maintainers have not yet responded to the issue report.
Attack Chain
- An attacker identifies a vulnerable instance of
jairiidriss restaurant-website-php-mysqlexposed on the internet. - The attacker sends an unauthenticated HTTP request (e.g., GET or POST) to the
/admin/ajax_filesendpoint. - Leveraging the missing authentication vulnerability, the server processes the attacker's request as if it originated from an authenticated user.
- The attacker gains unauthorized access to sensitive administrative functionalities exposed via the AJAX endpoint.
- This unauthorized access can lead to data manipulation, privilege escalation, or further compromise of the web application, depending on the specific functions exposed by
/admin/ajax_files.
Impact
The successful exploitation of CVE-2026-14622 allows an attacker to bypass intended authentication checks for the /admin/ajax_files endpoint. This grants unauthorized access to administrative functions, potentially leading to data modification, viewing sensitive information, or executing administrative commands, without needing legitimate credentials. The impact on affected organizations, which typically use this software for restaurant management, could include compromise of customer data, operational disruption, or defacement of their online presence. Given the public availability of the exploit, organizations running vulnerable instances are at immediate risk of compromise.
Recommendation
- Immediately apply any available patches or updates to
jairiidriss restaurant-website-php-mysqlonce released by the vendor to address CVE-2026-14622. - Implement a web application firewall (WAF) to detect and block suspicious requests targeting the
/admin/ajax_filesendpoint, especially unauthenticated attempts. - Deploy the Sigma rule provided in this brief to your SIEM solution to detect direct successful access attempts to the
/admin/ajax_filespath. - Review web server access logs for
/admin/ajax_filesto identify any past unauthorized access attempts, especially those resulting in successful (2xx) HTTP status codes from unknown or untrusted IP addresses.
Detection coverage 1
Detects CVE-2026-14622 Exploitation — Unauthenticated Access to /admin/ajax_files
highDetects CVE-2026-14622 exploitation — successful HTTP requests to the vulnerable /admin/ajax_files endpoint, indicating a potential authentication bypass or unauthorized access.
Detection queries are available on the platform. Get full rules →