CVE-2026-5811 MEDIUM

CVE-2026-5811: SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

Vendor Sourcecodester

Product Online Food Ordering System

Weakness CWE-840

Published April 8, 2026

Last update April 9, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.

Key dates

Disclosure timeline

April 8, 2026 CVE published

April 9, 2026 Record updated