CVE-2026-4900

CVE Database · CVE-2026-4900

CVE-2026-4900

· MEDIUMDeferred

CVSS v3.1

5.3

CVSS v4.0

5.5

EPSS

0.43%

Published

Mar 26, 2026

Modified

Apr 24, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-425CWE-552

References (5)

https://code-projects.org/

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Online%20Food%20Ordering%20System%20in%20PHP%201.0%20%E2%80%93%20Sensitive%20Information%20Disclosure.md

https://vuldb.com/?ctiid.353642

https://vuldb.com/?id.353642

https://vuldb.com/?submit.776980

KEV Catalog EPSS Scores Vendors All CVEs