Product
CVE-2026-4839 is a SQL injection vulnerability in the SourceCodester Food Ordering System 1.0, affecting the /purchase.php file and allowing remote attackers to manipulate the 'custom' argument to inject malicious SQL code.