CVE-2026-4532

CWE-425 CWE-552 — Files Accessible to External Parties3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 89.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Simple Food Ordering System

Timeline

PublishedMar 22

Description

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5code-projects/simple_food_ordering_system1.0

🔴Vulnerability Details

CVEList

code-projects Simple Food Ordering System Database Backup food.sql file access↗2026-03-22

▶

GHSA

GHSA-mcqg-vw6x-qfjx: A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1↗2026-03-22

▶