A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
PUBLISHED5.2CWE-89CWE-74x_freeware
code-projects Online Food Ordering System Admin Login admin.php sql injection
Problem type
Affected products
code-projects
Online Food Ordering System
1.0 - AFFECTED
References
VDB-353149 | code-projects Online Food Ordering System Admin Login admin.php sql injection
https://vuldb.com/?id.353149
VDB-353149 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.353149
Submit #776137 | code-projects Online Food Ordering System 1.0 SQL Injection
https://vuldb.com/?submit.776137
gist.github.com
https://gist.github.com/HxH404/8e5bd42c0f968a92a23edc5e7b879955
code-projects.org
https://code-projects.org/
GitHub Security Advisories
GHSA-cc45-j295-8r3r
A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects...
https://github.com/advisories/GHSA-cc45-j295-8r3rA vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-4844
code-projects.org
https://code-projects.org
gist.github.com
https://gist.github.com/HxH404/8e5bd42c0f968a92a23edc5e7b879955
vuldb.com
https://vuldb.com/?ctiid.353149
vuldb.com
https://vuldb.com/?id.353149
vuldb.com
https://vuldb.com/?submit.776137
github.com
https://github.com/advisories/GHSA-cc45-j295-8r3r
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-4844Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-4844",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-03-26T04:50:14.846Z",
"dateReserved": "2026-03-25T14:47:02.744Z",
"datePublished": "2026-03-26T04:50:14.846Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-03-26T04:50:14.846Z"
},
"title": "code-projects Online Food Ordering System Admin Login admin.php sql injection",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. Several companies clearly confirm that VulDB is the primary source for best vulnerability data."
}
],
"affected": [
{
"vendor": "code-projects",
"product": "Online Food Ordering System",
"modules": [
"Admin Login Module"
],
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.353149",
"name": "VDB-353149 | code-projects Online Food Ordering System Admin Login admin.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.353149",
"name": "VDB-353149 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.776137",
"name": "Submit #776137 | code-projects Online Food Ordering System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://gist.github.com/HxH404/8e5bd42c0f968a92a23edc5e7b879955",
"tags": [
"exploit"
]
},
{
"url": "https://code-projects.org/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 7.5
}
}
],
"timeline": [
{
"time": "2026-03-25T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-03-25T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-03-25T15:52:09.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Abhiram T (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_freeware"
]
}
}
}