CVE-2026-13571 | A flaw has been found in SourceCodester Simple Food Ordering… | CVSS 5.3 MEDIUM

Description

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.

Metadata

CVE ID: CVE-2026-13571
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-28 18:38 UTC
Published: 2026-06-29 13:30 UTC
Last updated: 2026-06-29 15:06 UTC
Primary CWE: CWE-840
Business Logic Errors
Vendor / Product: SourceCodester / Simple Food Ordering System
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
SourceCodester	Simple Food Ordering System	—	1.0

Weakness (CWE)

CWE	Source	Description
CWE-840	cna	Business Logic Errors

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
5.3	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
5.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

References (6)

VDB-374579 | SourceCodester Simple Food Ordering System cart.php logic error https://vuldb.com/vuln/374579
VDB-374579 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/374579/cti
CVE-2026-13571 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13571
Submit #844355 | SourceCodester Simple Food Ordering System 1.0 Business Logic Errors https://vuldb.com/submit/844355
https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md
https://www.sourcecodester.com/