Carmelo Simple Food Order System vulnerabilities

CVE-2026-5019 [MEDIUM] CWE-74 CVE-2026-5019: A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected b A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly

CVE-2026-5018 [MEDIUM] CWE-74 CVE-2026-5018: A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be use

CVE-2026-5017 [MEDIUM] CWE-74 CVE-2026-5017: A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an u A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used

CVE-2026-4533 [MEDIUM] CWE-74 CVE-2026-4533: A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issu A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVE-2026-4319 [MEDIUM] CWE-74 CVE-2026-4319: A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulne A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

CVE-2026-26713 [CRITICAL] CWE-89 CVE-2026-26713: code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-o code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.

CVE-2026-26712 [CRITICAL] CWE-89 CVE-2026-26712: code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admi code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.

CVE-2026-26710 [CRITICAL] CWE-89 CVE-2026-26710: code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-ord code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.

CVE-2026-26711 [CRITICAL] CWE-89 CVE-2026-26711: code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.