Vulnerabilities ›

CVE-2026-4472

Medium

CWE-74 — Weakness Type

                    Published: Mar 20, 2026                      ·  Modified: Mar 23, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

🤖 AI Executive Summary

CVE-2026-4472 is a SQL injection vulnerability in itsourcecode Online Frozen Foods Ordering System 1.0 affecting the admin supplier edit functionality. Remote attackers can manipulate the Supplier_Name parameter to execute arbitrary SQL commands, with public exploit code available.

📄 Description (Arabic)

يؤثر هذا الثغر على نظام طلب الأطعمة المجمدة عبر الإنترنت من itsourcecode الإصدار 1.0 حيث يسمح بحقن أوامر SQL عبر معامل Supplier_Name في ملف /admin/admin_edit_supplier.php. يمكن للمهاجمين البعيدين استغلال هذه الثغرة للوصول غير المصرح به إلى قاعدة البيانات وتعديل أو حذف البيانات الحساسة.

🤖 ملخص تنفيذي (AI)

A SQL injection flaw exists in the admin panel of itsourcecode Online Frozen Foods Ordering System 1.0 that allows remote attackers to inject malicious SQL through the Supplier_Name field. This vulnerability has been publicly disclosed and poses a significant risk to affected systems.

🤖 AI Intelligence Analysis Analyzed: May 16, 2026 17:07

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1190.004 T1505.003

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade itsourcecode Online Frozen Foods Ordering System to a patched version if available. Implement input validation and parameterized queries for all user inputs, particularly the Supplier_Name parameter. Apply Web Application Firewall (WAF) rules to detect and block SQL injection attempts. Restrict admin panel access using network segmentation and strong authentication mechanisms.

🔧 خطوات المعالجة (العربية)

قم بترقية النظام فوراً إلى نسخة محدثة إن توفرت. طبق التحقق من صحة المدخلات والاستعلامات المعاملة لجميع مدخلات المستخدمين خاصة حقل Supplier_Name. استخدم جدار حماية تطبيقات الويب لكشف محاولات الحقن. قيد الوصول إلى لوحة التحكم باستخدام تقسيم الشبكة والمصادقة القوية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-3.1 ECC-3.2 ECC-4.1

🔵 SAMA CSF

ID.RA-1 PR.DS-1 DE.CM-1

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5 A.12.6.1

🔗 References & Sources 5

🔗

https://github.com/rockycheng1/cve/issues/1

cna@vuldb.com

🔗

https://itsourcecode.com/

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.351762

cna@vuldb.com

🔗

https://vuldb.com/?id.351762

cna@vuldb.com

🔗

https://vuldb.com/?submit.775207

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-74

Exploit No

Patch ✗ No

Published 2026-03-20

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-4472

Introduce Yourself

Sign In Required