CVE-2026-4900 — Forced Browsing in Online Food Ordering System

CWE-425 — Forced Browsing CWE-552 — Files or Directories Accessible to External Parties6 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Online Food Ordering System

Timeline

PublishedMar 26

Latest updateMar 27

Description

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5code-projects/online_food_ordering_system1.0

🔴Vulnerability Details

GHSA

GHSA-597g-qjqv-f858: A weakness has been identified in code-projects Online Food Ordering System 1↗2026-03-27

▶

CVEList

code-projects Online Food Ordering System localhost.sql privilege escalation↗2026-03-26

▶