Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for Simple Food Ordering System by SourceCodester
CVE-2026-13571 (GCVE-0-2026-13571)
Vulnerability from nvd – Published: 2026-06-29 13:30 – Updated: 2026-06-29 15:06 X_Freeware
VLAI
Title
SourceCodester Simple Food Ordering System cart.php logic error
Summary
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374579 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/374579/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13571 | third-party-advisory |
| https://vuldb.com/submit/844355 | third-party-advisory |
| https://github.com/ogh-bnz/Simple-Food-Ordering-S… | exploit |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
cpe:2.3:a:sourcecodester:simple_food_ordering_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T15:06:31.645228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T15:06:36.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:simple_food_ordering_system:*:*:*:*:*:*:*:*"
],
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T13:30:09.534Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374579 | SourceCodester Simple Food Ordering System cart.php logic error",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/374579"
},
{
"name": "VDB-374579 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374579/cti"
},
{
"name": "CVE-2026-13571 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13571"
},
{
"name": "Submit #844355 | SourceCodester Simple Food Ordering System 1.0 Business Logic Errors",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844355"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-28T20:44:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System cart.php logic error"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13571",
"datePublished": "2026-06-29T13:30:09.534Z",
"dateReserved": "2026-06-28T18:38:58.106Z",
"dateUpdated": "2026-06-29T15:06:36.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6161 (GCVE-0-2025-6161)
Vulnerability from nvd – Published: 2025-06-17 04:31 – Updated: 2025-06-17 15:19
VLAI
Title
SourceCodester Simple Food Ordering System editproduct.php unrestricted upload
Summary
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.312636 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.312636 | signaturepermissions-required |
| https://vuldb.com/?submit.593237 | third-party-advisory |
| https://github.com/kakalalaww/CVE/issues/17 | exploitissue-tracking |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6161",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:16:31.889139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:19:06.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kakalalaww (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Simple Food Ordering System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /editproduct.php. Mittels dem Manipulieren des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T04:31:08.694Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-312636 | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.312636"
},
{
"name": "VDB-312636 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.312636"
},
{
"name": "Submit #593237 | Source Code \u0026 Projects Simple Food Ordering System V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.593237"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/kakalalaww/CVE/issues/17"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-15T21:08:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System editproduct.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6161",
"datePublished": "2025-06-17T04:31:08.694Z",
"dateReserved": "2025-06-15T19:03:23.244Z",
"dateUpdated": "2025-06-17T15:19:06.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0902 (GCVE-0-2023-0902)
Vulnerability from nvd – Published: 2023-02-18 07:31 – Updated: 2024-08-02 05:24
VLAI
Title
SourceCodester Simple Food Ordering System process_order.php cross site scripting
Summary
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.221451 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.221451 | signaturepermissions-required |
| https://github.com/navaidzansari/CVE_Demo/blob/ma… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
|
| simple_food_ordering_system_project | simple_food_ordering_system |
Affected:
1.0
cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_food_ordering_system",
"vendor": "simple_food_ordering_system_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T16:02:31.889764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:03:56.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.221451"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221451"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "navaidansari (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Simple Food Ordering System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei process_order.php. Durch Beeinflussen des Arguments order mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:13:58.018Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.221451"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221451"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-18T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-23T07:11:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System process_order.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0902",
"datePublished": "2023-02-18T07:31:22.384Z",
"dateReserved": "2023-02-18T07:30:48.249Z",
"dateUpdated": "2024-08-02T05:24:34.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2683 (GCVE-0-2022-2683)
Vulnerability from nvd – Published: 2022-08-05 20:22 – Updated: 2025-04-15 13:59
VLAI
Title
SourceCodester Simple Food Ordering System login.php cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/anx0ing/CVE_demo/blob/main/202… | x_refsource_MISC |
| https://vuldb.com/?id.205671 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.205671"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2683",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:03:26.664126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:59:05.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input \"\u003e\u003cScRiPt\u003ealert(1)\u003c/sCrIpT\u003e leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T20:22:10.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.205671"
}
],
"title": "SourceCodester Simple Food Ordering System login.php cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2683",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Simple Food Ordering System login.php cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Food Ordering System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input \"\u003e\u003cScRiPt\u003ealert(1)\u003c/sCrIpT\u003e leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md",
"refsource": "MISC",
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"name": "https://vuldb.com/?id.205671",
"refsource": "MISC",
"url": "https://vuldb.com/?id.205671"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2683",
"datePublished": "2022-08-05T20:22:10.000Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:59:05.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-13571 (GCVE-0-2026-13571)
Vulnerability from cvelistv5 – Published: 2026-06-29 13:30 – Updated: 2026-06-29 15:06 X_Freeware
VLAI
Title
SourceCodester Simple Food Ordering System cart.php logic error
Summary
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374579 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/374579/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13571 | third-party-advisory |
| https://vuldb.com/submit/844355 | third-party-advisory |
| https://github.com/ogh-bnz/Simple-Food-Ordering-S… | exploit |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
cpe:2.3:a:sourcecodester:simple_food_ordering_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T15:06:31.645228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T15:06:36.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:simple_food_ordering_system:*:*:*:*:*:*:*:*"
],
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T13:30:09.534Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374579 | SourceCodester Simple Food Ordering System cart.php logic error",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/374579"
},
{
"name": "VDB-374579 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374579/cti"
},
{
"name": "CVE-2026-13571 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13571"
},
{
"name": "Submit #844355 | SourceCodester Simple Food Ordering System 1.0 Business Logic Errors",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844355"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-28T20:44:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System cart.php logic error"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13571",
"datePublished": "2026-06-29T13:30:09.534Z",
"dateReserved": "2026-06-28T18:38:58.106Z",
"dateUpdated": "2026-06-29T15:06:36.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6161 (GCVE-0-2025-6161)
Vulnerability from cvelistv5 – Published: 2025-06-17 04:31 – Updated: 2025-06-17 15:19
VLAI
Title
SourceCodester Simple Food Ordering System editproduct.php unrestricted upload
Summary
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.312636 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.312636 | signaturepermissions-required |
| https://vuldb.com/?submit.593237 | third-party-advisory |
| https://github.com/kakalalaww/CVE/issues/17 | exploitissue-tracking |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6161",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:16:31.889139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:19:06.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kakalalaww (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Simple Food Ordering System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /editproduct.php. Mittels dem Manipulieren des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T04:31:08.694Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-312636 | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.312636"
},
{
"name": "VDB-312636 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.312636"
},
{
"name": "Submit #593237 | Source Code \u0026 Projects Simple Food Ordering System V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.593237"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/kakalalaww/CVE/issues/17"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-15T21:08:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System editproduct.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6161",
"datePublished": "2025-06-17T04:31:08.694Z",
"dateReserved": "2025-06-15T19:03:23.244Z",
"dateUpdated": "2025-06-17T15:19:06.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0902 (GCVE-0-2023-0902)
Vulnerability from cvelistv5 – Published: 2023-02-18 07:31 – Updated: 2024-08-02 05:24
VLAI
Title
SourceCodester Simple Food Ordering System process_order.php cross site scripting
Summary
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.221451 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.221451 | signaturepermissions-required |
| https://github.com/navaidzansari/CVE_Demo/blob/ma… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
|
| simple_food_ordering_system_project | simple_food_ordering_system |
Affected:
1.0
cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_food_ordering_system",
"vendor": "simple_food_ordering_system_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T16:02:31.889764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:03:56.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.221451"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221451"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "navaidansari (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Simple Food Ordering System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei process_order.php. Durch Beeinflussen des Arguments order mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:13:58.018Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.221451"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221451"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-18T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-23T07:11:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Simple Food Ordering System process_order.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0902",
"datePublished": "2023-02-18T07:31:22.384Z",
"dateReserved": "2023-02-18T07:30:48.249Z",
"dateUpdated": "2024-08-02T05:24:34.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2683 (GCVE-0-2022-2683)
Vulnerability from cvelistv5 – Published: 2022-08-05 20:22 – Updated: 2025-04-15 13:59
VLAI
Title
SourceCodester Simple Food Ordering System login.php cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/anx0ing/CVE_demo/blob/main/202… | x_refsource_MISC |
| https://vuldb.com/?id.205671 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Simple Food Ordering System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.205671"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2683",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:03:26.664126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:59:05.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Food Ordering System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input \"\u003e\u003cScRiPt\u003ealert(1)\u003c/sCrIpT\u003e leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T20:22:10.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.205671"
}
],
"title": "SourceCodester Simple Food Ordering System login.php cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2683",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Simple Food Ordering System login.php cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Food Ordering System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input \"\u003e\u003cScRiPt\u003ealert(1)\u003c/sCrIpT\u003e leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md",
"refsource": "MISC",
"url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md"
},
{
"name": "https://vuldb.com/?id.205671",
"refsource": "MISC",
"url": "https://vuldb.com/?id.205671"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2683",
"datePublished": "2022-08-05T20:22:10.000Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:59:05.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}