A vulnerability classified as critical was found in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of the argument update results in sql injection.

This vulnerability is known as CVE-2026-15135. It is possible to launch the attack remotely. Furthermore, an exploit is available.