CVE-2026-30529 PHP — Exploit & Vulnerability Details HIGH

CVE-2026-30529

HIGH CVSS 3.1: 8.8 EPSS 0.01%

Parameter	Value
CVSS	8.8 (HIGH)
Type	CWE-89 (SQL Injection)
Vendor	PHP
Public PoC	No

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-89 SQL Injection

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Oretnom23 Online_Food_Ordering_System cpe:2.3:a:oretnom23:online_food_ordering_system:1.0:::::::*	—	—

References 1

https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-Sy…

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6167

Code-Projects

6.9

CVE-2026-6166

Code-Projects

6.9

CVE-2026-6165

PHP

6.9

CVE-2026-6164

PHP

6.9

CVE-2026-6163

PHP

6.9

Menu

CVE-2026-30529

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-6167

CVE-2026-6166

CVE-2026-6165

CVE-2026-6164

CVE-2026-6163

CVE Details

Editor's Choice

Menu

CVE-2026-30529

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-6167

CVE-2026-6166

CVE-2026-6165

CVE-2026-6164

CVE-2026-6163

CVE Details

Editor's Choice

Stay informed on cybersecurity