CVE-2026-4532

MEDIUM CVSS 4.0: 5.5 EPSS 0.04%
Updated Apr 10, 2026
Carmelo
Parameter: Value
CVSS: 5.5 (MEDIUM)
Type: CWE-425 (Direct Request / Forced Browsing), CWE-552
Vendor: Carmelo
Public PoC: No

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. It affects an unknown functionality of the file /food/sql/food.sql in the component Database Backup Handler. The manipulation leads to files or directories becoming accessible.

The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
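As an added example (not part of the advisory or the project's code), the following Python script audits a deployed web root for database dumps such as /food/sql/food.sql, so they can be moved out of the served tree or denied in the server configuration. The extension lists, the content markers and the sample tree are assumptions constructed for illustration; only the path food/sql/food.sql comes from this page.

```python
import os
import re
import tempfile

# Assumptions for this example: which extensions count as dumps or scripts.
DUMP_EXTENSIONS = {".sql", ".dump", ".bak"}
SCRIPT_EXTENSIONS = {".php"}  # executed by the server, not returned as text
SQL_MARKERS = re.compile(
    rb"^\s*(CREATE\s+TABLE|INSERT\s+INTO|DROP\s+TABLE)\b", re.I | re.M)

def find_exposed_dumps(docroot, sniff_bytes=65536):
    """Return sorted (url_path, reason) pairs for dump-like files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            url = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in DUMP_EXTENSIONS:
                findings.append((url, "dump extension " + ext))
            elif ext not in SCRIPT_EXTENSIONS:
                try:
                    with open(full, "rb") as fh:
                        head = fh.read(sniff_bytes)
                except OSError:
                    continue  # unreadable file: nothing to report
                if SQL_MARKERS.search(head):
                    # Catches dumps that were renamed to an innocuous extension.
                    findings.append((url, "SQL statements in content"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample deployment; only food/sql/food.sql comes from the advisory."""
    samples = {
        "food/sql/food.sql": "CREATE TABLE users (id INT, password VARCHAR(64));\n",
        "food/backup/db.txt": "-- renamed dump\nINSERT INTO users VALUES (1, 'x');\n",
        "food/index.php": "<?php $q = \"SELECT * FROM menu\"; ?>\n",
        "food/readme.txt": "Simple Food Ordering System\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for url, reason in find_exposed_dumps(root):
            print(url, "-", reason)
```

Run it against the real document root in place of the sample tree; every path it reports is one the web server would hand out to an unauthenticated direct request unless a deny rule covers it.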

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: Low (easy to exploit)
Attack Requirements: None (no additional conditions)
Privileges Required: None (no privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: Low (partial data leak)
Integrity: None (no data modification)
Availability: None (no disruption)

CVSS Vector v4.0

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Carmelo Simple_Food_Order_System
cpe:2.3:a:carmelo:simple_food_order_system:1.0:*:*:*:*:*:*:*