CVE-2026-4532
low-risk
Published 2026-03-22
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Simple Food Order System
Affected Vendors
References (5)
Product
https://code-projects.org/
Permissions Required
https://vuldb.com/?ctiid.352320
Third Party Advisory
https://vuldb.com/?id.352320
Third Party Advisory
https://vuldb.com/?submit.774338
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal