CVE-2026-4839
SourceCodester Food Ordering System 1.0 contains a SQL injection in the Parameter Handler within /purchase.php, triggered by manipulating the custom parameter. Affected component: unknown function in /purchase.php; root cause is improper handling of the custom argument leading to SQL injection. T...