{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/jairiidriss/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14622"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["restaurant-website-php-mysql \u003c= 521428b5b612449df0cf4a5d15ee40cba67f3d35"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","authentication-bypass","php","webserver","cve"],"_cs_type":"advisory","_cs_vendors":["jairiidriss"],"content_html":"\u003cp\u003eA high-severity authentication bypass vulnerability, tracked as CVE-2026-14622, has been discovered in the jairiidriss restaurant-website-php-mysql web application. This flaw impacts the \u003ccode\u003e/admin/ajax_files\u003c/code\u003e endpoint within the application's AJAX functionality, allowing remote attackers to circumvent authentication mechanisms. The vulnerability is present in versions up to commit \u003ccode\u003e521428b5b612449df0cf4a5d15ee40cba67f3d35\u003c/code\u003e. Exploitation involves performing a specific \u0026quot;manipulation\u0026quot; that results in missing authentication, granting unauthorized access to functionalities that should be restricted. The exploit code for this vulnerability has been made public, significantly increasing the risk of widespread exploitation. Due to the product's rolling release strategy, specific version numbers for affected or patched releases cannot be provided, and the project maintainers have not yet responded to the issue report.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable instance of \u003ccode\u003ejairiidriss restaurant-website-php-mysql\u003c/code\u003e exposed on the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an unauthenticated HTTP request (e.g., GET or POST) to the \u003ccode\u003e/admin/ajax_files\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eLeveraging the missing authentication vulnerability, the server processes the attacker's request as if it originated from an authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive administrative functionalities exposed via the AJAX endpoint.\u003c/li\u003e\n\u003cli\u003eThis unauthorized access can lead to data manipulation, privilege escalation, or further compromise of the web application, depending on the specific functions exposed by \u003ccode\u003e/admin/ajax_files\u003c/code\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-14622 allows an attacker to bypass intended authentication checks for the \u003ccode\u003e/admin/ajax_files\u003c/code\u003e endpoint. This grants unauthorized access to administrative functions, potentially leading to data modification, viewing sensitive information, or executing administrative commands, without needing legitimate credentials. The impact on affected organizations, which typically use this software for restaurant management, could include compromise of customer data, operational disruption, or defacement of their online presence. Given the public availability of the exploit, organizations running vulnerable instances are at immediate risk of compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply any available patches or updates to \u003ccode\u003ejairiidriss restaurant-website-php-mysql\u003c/code\u003e once released by the vendor to address CVE-2026-14622.\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) to detect and block suspicious requests targeting the \u003ccode\u003e/admin/ajax_files\u003c/code\u003e endpoint, especially unauthenticated attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM solution to detect direct successful access attempts to the \u003ccode\u003e/admin/ajax_files\u003c/code\u003e path.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for \u003ccode\u003e/admin/ajax_files\u003c/code\u003e to identify any past unauthorized access attempts, especially those resulting in successful (2xx) HTTP status codes from unknown or untrusted IP addresses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T09:17:29Z","date_published":"2026-07-04T09:17:29Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14622-jairiidriss-auth-bypass/","summary":"A high-severity authentication bypass vulnerability (CVE-2026-14622) exists in the jairiidriss restaurant-website-php-mysql web application's AJAX Endpoint, specifically affecting the /admin/ajax_files component, allowing remote unauthenticated attackers to gain unauthorized access to sensitive functionalities, with public exploit code increasing immediate risk.","title":"CVE-2026-14622 — Jairiidriss restaurant-website-php-mysql Authentication Bypass","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14622-jairiidriss-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Jairiidriss","version":"https://jsonfeed.org/version/1.1"}