CVE-2026-30530: A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifi

Description

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/SQLi-Actions-saveCustomer-username.md

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-30530 | SourceCodester Online Food Ordering System 1.0 Parameter Actions.php save_customer Username sql injection

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Published3/27/2026

Last enriched6h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL, added vendor and product information, and provided a more detailed description of the vulnerability.

descriptionaffectedVersionsseverityactivelyExploitedtags

via VulDB

v16h ago

Initial creation