Vulnerabilities ›

CVE-2026-4900

Medium

CWE-425 — Weakness Type

                    Published: Mar 26, 2026                      ·  Modified: Mar 29, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.

🤖 AI Executive Summary

CVE-2026-4900 is a path traversal vulnerability in code-projects Online Food Ordering System 1.0 that allows remote attackers to access unauthorized files and directories through the /dbfood/localhost.sql file. The vulnerability has public exploits available and requires configuration changes to remediate.

📄 Description (Arabic)

يؤثر هذا الضعف على نظام الطلب الغذائي عبر الإنترنت من code-projects الإصدار 1.0 ويسمح بالوصول غير المصرح به إلى الملفات والمجلدات من خلال ثغرة المسار المتقاطع. يمكن استغلال الثغرة عن بعد وتتوفر أدوات استغلال عامة لها.

🤖 ملخص تنفيذي (AI)

A path traversal flaw exists in code-projects Online Food Ordering System 1.0 enabling remote unauthorized file access via /dbfood/localhost.sql. Public exploits are available and configuration modification is recommended for mitigation.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 02:40

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom healthcare

🎯 MITRE ATT&CK Techniques

T1083 T1190 T1566

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade to a patched version of code-projects Online Food Ordering System if available. Restrict file system permissions on /dbfood/ directory, implement input validation and sanitization for file path parameters, disable directory listing, apply Web Application Firewall (WAF) rules to block path traversal patterns, and conduct security audit of exposed files.

🔧 خطوات المعالجة (العربية)

قم بالترقية الفورية إلى نسخة مصححة من النظام إن توفرت. قيد صلاحيات نظام الملفات لمجلد /dbfood/، وطبق التحقق من صحة المدخلات، وعطل عرض قائمة المجلدات، وطبق قواعد جدار الحماية لحجب أنماط المسار المتقاطع، وأجر تدقيق أمني للملفات المكشوفة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.6.1

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.6.1.1 A.9.1.1 A.9.2.1 A.9.4.3 A.12.6.1 A.14.2.1

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Online%20Food%20Ordering%20System...

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.353642

cna@vuldb.com

🔗

https://vuldb.com/?id.353642

cna@vuldb.com

🔗

https://vuldb.com/?submit.776980

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-425

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-03-26

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-425

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-4900

Introduce Yourself

Sign In Required