CVE-2025-13290 MEDIUM

CVE-2025-13290: code-projects Simple Food Ordering System saveorder.php sql injection

Vendor Code-Projects

Product Simple Food Ordering System

Weakness CWE-89 · SQLi

Published November 17, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

November 17, 2025 CVE published

November 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13290

Related vulnerabilities

04Related CVE

CVE-2025-54060 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint CVE-2025-3973 PHPGurukul COVID19 Testing Management System check_availability.php sql injection CVE-2024-5395 itsourcecode Online Student Enrollment System listofinstructor.php sql injection CVE-2025-9932 PHPGurukul Beauty Parlour Management System update-image.php sql injection CVE-2024-44004 WordPress WPCargo Track & Trace plugin <= 8.0.2 - SQL Injection vulnerability