{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4472", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-19T20:35:15.993Z", "datePublished": "2026-03-20T05:02:13.681Z", "dateUpdated": "2026-03-20T20:01:56.534Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T05:02:13.681Z"}, "title": "itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "itsourcecode", "product": "Online Frozen Foods Ordering System", "versions": [{"version": "1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:itsourcecode:online_frozen_foods_ordering_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-19T21:40:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Rocky__Cheng (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.351762", "name": "VDB-351762 | itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351762", "name": "VDB-351762 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775207", "name": "Submit #775207 | itsourcecode Online Frozen Foods Ordering System V1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/rockycheng1/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://itsourcecode.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T20:01:48.029934Z", "id": "CVE-2026-4472", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T20:01:56.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4472", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T20:01:48.029934Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T20:01:53.000Z"}}], "cna": {"tags": ["x_freeware"], "title": "itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "Rocky__Cheng (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:itsourcecode:online_frozen_foods_ordering_system:*:*:*:*:*:*:*:*"], "vendor": "itsourcecode", "product": "Online Frozen Foods Ordering System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-19T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-19T21:40:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351762", "name": "VDB-351762 | itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351762", "name": "VDB-351762 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775207", "name": "Submit #775207 | itsourcecode Online Frozen Foods Ordering System V1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/rockycheng1/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://itsourcecode.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T05:02:13.681Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4472", "state": "PUBLISHED", "dateUpdated": "2026-03-20T20:01:56.534Z", "dateReserved": "2026-03-19T20:35:15.993Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-20T05:02:13.681Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adonesevangelista:online_frozen_foods_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DABEDB4F-8EAF-478A-86B3-393DB7E58022", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en itsourcecode Online Frozen Foods Ordering System 1.0. Esta vulnerabilidad afecta c\u00f3digo desconocido del archivo /admin/admin_edit_supplier.PHP. La manipulaci\u00f3n del argumento Supplier_Name lleva a inyecci\u00f3n SQL. El ataque puede ser iniciado remotamente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-4472", "lastModified": "2026-03-23T17:16:15.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:17.067", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://github.com/rockycheng1/cve/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://itsourcecode.com/"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.351762"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.351762"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.775207"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Online Frozen Foods Ordering System", "source": "cna", "vendor": "itsourcecode"}, "product": "online_frozen_foods_ordering_system", "vendor": "itsourcecode"}], "analysis": {"en": {"generated_at": "2026-03-20T06:22:03.161938+00:00", "value": {"mitigation_remediation": ["Check vendor's website or support portal for available patches or updates for Online Frozen Foods Ordering System 1.0.", "Apply any released patch or upgrade to a newer version that removes the unsanitized input handling.", "If no patch is available, restrict access to the admin_edit_supplier.php endpoint to trusted IP addresses or use firewall rules to limit exposure.", "Implement input validation or use prepared statements in the application code to mitigate SQL injection risk."], "summary": {"action": "Patch ASAP", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is itsourcecode's Online Frozen Foods Ordering System, version 1.0. The vulnerability resides in the admin_edit_supplier.php file and impacts any deployment of this version. No additional libraries or components were specified as affected.", "description_and_impact": "A vulnerability exists in the admin_edit_supplier.php of itsourcecode's Online Frozen Foods Ordering System 1.0. The Supplier_Name parameter is used in a SQL query without proper sanitization, allowing a remote attacker to inject arbitrary SQL statements. This type of vulnerability (CWE-74 / CWE-89) can lead to read/write access to the database, enabling data exfiltration, tampering of supplier information, or potentially further escalation.", "risk_and_exploitability": "The CVSS v3 score assigned is 5.3, indicating a medium-level severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog, suggesting it is not widely exploited as of the last report. Attack can be initiated remotely, and given the lack of mitigation, an attacker with network access to the web interface could exploit the SQL injection without authentication. The risk is moderate but could be higher if scripts allow further exploitation. Immediate patching is recommended to avoid potential data compromise."}}}}, "created": "2026-03-20T08:52:31.145116+00:00", "updated": "2026-03-20T10:37:12.911816+00:00", "vendors": ["itsourcecode", "itsourcecode$PRODUCT$online_frozen_foods_ordering_system"]}