CVE-2026-4470 PUBLISHED

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

• OneChicken (VulDB User) reporter

• VDB-351760 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection
• VDB-351760 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #772882 | itsourcecode Online Frozen Foods Ordering System V1.0 SQL injection
• https://github.com/sjkdhl/public/issues/3
• https://itsourcecode.com/

• SQL Injection CWE
• Injection CWE