{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4470", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-19T20:35:09.660Z", "datePublished": "2026-03-20T04:32:11.078Z", "dateUpdated": "2026-03-20T04:32:11.078Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T04:32:11.078Z"}, "title": "itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "itsourcecode", "product": "Online Frozen Foods Ordering System", "versions": [{"version": "1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:itsourcecode:online_frozen_foods_ordering_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-19T21:40:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "OneChicken (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.351760", "name": "VDB-351760 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351760", "name": "VDB-351760 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772882", "name": "Submit #772882 | itsourcecode Online Frozen Foods Ordering System V1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/sjkdhl/public/issues/3", "tags": ["exploit", "issue-tracking"]}, {"url": "https://itsourcecode.com/", "tags": ["product"]}], "tags": ["x_freeware"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-4470", "lastModified": "2026-03-20T05:16:16.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:16.647", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/sjkdhl/public/issues/3"}, {"source": "cna@vuldb.com", "url": "https://itsourcecode.com/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351760"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351760"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.772882"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Online Frozen Foods Ordering System", "source": "cna", "vendor": "itsourcecode"}, "product": "online_frozen_foods_ordering_system", "vendor": "itsourcecode"}], "analysis": {"en": {"generated_at": "2026-03-20T05:20:54.979492+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website for a patch or newer version and upgrade to a fixed release.", "Restrict access to the /admin directory using IP filtering or firewall rules to limit exposure to trusted hosts.", "Implement strict input validation and parameterized queries for the product_name argument to eliminate the injection vector.", "Monitor database logs for suspicious query activity and conduct regular security scans of the application code and configuration.", "If a patch is not available, consider disabling or removing the vulnerable admin feature until remediation is possible."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection (Potential Data Breach)"}, "threat_synthesis": {"affected_systems": "The affected product is itsourcecode Online Frozen Foods Ordering System version 1.0. The vulnerability resides in the admin_edit_menu.php functionality, which is part of the administrative interface. No patch or version supersedes the issue in the supplied data, so all installations of version 1.0 remain vulnerable.", "description_and_impact": "The vulnerability is a classic SQL injection flaw located in the admin_edit_menu.php file of the Online Frozen Foods Ordering System. By manipulating the product_name argument, an attacker can inject arbitrary SQL statements. This flaw is identified as CWE\u201189 (SQL Injection) and CWE\u201174 (Improper Handling of Input). An attacker could potentially read, modify, or delete sensitive data within the database, compromising both confidentiality and integrity of the system. The description explicitly states the attack is possible remotely and that an exploit has already been released to the public.", "risk_and_exploitability": "The vulnerability carries a medium CVSS score of 5.1 and has no reportable EPSS score; it is not listed in the CISA KEV catalog. The available exploit code indicates that remote exploitation is straightforward through the product_name parameter. Without a vendor patch, the risk remains moderate to high, especially if the administrative interface is exposed to Internet users."}}}}, "created": "2026-03-20T08:52:38.101536+00:00", "updated": "2026-03-20T10:37:19.904348+00:00", "vendors": ["itsourcecode", "itsourcecode$PRODUCT$online_frozen_foods_ordering_system"]}