CVE-2026-13571
SourceCodester Simple Food Ordering System cart.php logic error
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.
| CWE | CWE-840 |
| Vendor | sourcecodester |
| Product | simple food ordering system |
| Published | Jun 29, 2026 |
| Last Updated | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for sourcecodester simple food ordering system
Be the first to know when new medium vulnerabilities affecting sourcecodester simple food ordering system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
SourceCodester / Simple Food Ordering System
1.0
References
vuldb.com: https://vuldb.com/vuln/374579 vuldb.com: https://vuldb.com/vuln/374579/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13571 vuldb.com: https://vuldb.com/submit/844355 github.com: https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md sourcecodester.com: https://www.sourcecodester.com/