CVE-2025-12314 MEDIUM

CVE-2025-12314: code-projects Food Ordering System deleteitem.php sql injection

Vendor Code-Projects

Product Food Ordering System

Weakness CWE-89 · SQLi

Published October 27, 2025

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing a manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

February 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12314 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality CVE-2026-39466 WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability CVE-2023-5437 WP fade in text news <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2024-54445 Blind SQLi in Login CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection