| Titre | Sourcecodester Online Food Ordering System v2 using PHP8 and MySQL Free Source Code v2.0 Local File Inclusion |
|---|
| Description | During the security assessment of "Online Food Ordering System", a critical local file inclusion vulnerability was identified in the "/index.php" file. This vulnerability is due to the direct use of user input from the 'page' parameter in the `include` statement without any path restriction. Attackers can manipulate the 'page' parameter to include sensitive files on the server, such as the database configuration file. Immediate remediation is necessary to safeguard system files and maintain the security of the system. |
|---|
| La source | ⚠️ https://github.com/Mikkoseven/cve/issues/4 |
|---|
| Utilisateur | Jxsec (UID 98275) |
|---|
| Soumission | 15/05/2026 14:57 (il y a 20 jours) |
|---|
| Modérer | 02/06/2026 17:47 (18 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367963 [SourceCodester Online Food Ordering System 2.0 /index.php include page élévation de privilèges] |
|---|
| Points | 20 |
|---|