Code Projects Simple Food Ordering System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Code Projects Simple Food Ordering System.
By the Year
In 2026 there have been 2 vulnerabilities in Code Projects Simple Food Ordering System with an average score of 5.8 out of ten. Last year, in 2025 Simple Food Ordering System had 8 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.25.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.80 |
| 2025 | 8 | 5.55 |
It may take a day or so for new Simple Food Ordering System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Code Projects Simple Food Ordering System Security Vulnerabilities
Code Projects SFO System 1.0 SQLi via Status in all-tickets.php
CVE-2026-4533
6.3 - Medium
- March 22, 2026
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
SQL Injection
SFOS <1.0: Remote File Exposure via Database Backup Handler
CVE-2026-4532
5.3 - Medium
- March 22, 2026
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
Files or Directories Accessible to External Parties
Simple Food Ordering System 1.0: SQLi via /listorder.php ID
CVE-2025-13571
6.3 - Medium
- November 23, 2025
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
SQL Injection
Remote SQL Injection in Simple Food Ordering System 1.0 /saveorder.php
CVE-2025-13290
6.3 - Medium
- November 17, 2025
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Simple Food Ordering System 1.0 Unrestricted File Upload via /addproduct.php
CVE-2025-12378
7.3 - High
- October 28, 2025
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Unrestricted File Upload
Simple Food Ordering System 1.0 XSS via editproduct.php pname/category/price
CVE-2025-12302
4.3 - Medium
- October 27, 2025
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
XSS
Unrestricted File Upload in Simple Food Ordering System 1.0 via photo
CVE-2025-12301
7.3 - High
- October 27, 2025
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Unrestricted File Upload
Remote XSS via /addcategory.php in Simple Food Ordering System 1.0
CVE-2025-12300
4.3 - Medium
- October 27, 2025
A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
XSS
CVE-2025-12299: Reflected XSS in addproduct.php of Simple Food Ordering System 1.0
CVE-2025-12299
4.3 - Medium
- October 27, 2025
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
XSS
XSS via pname in /editcategory.php of Simple Food Ordering System 1.0
CVE-2025-12298
4.3 - Medium
- October 27, 2025
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Code Projects Simple Food Ordering System or by Code Projects? Click the Watch button to subscribe.
