CVE-2026-24494

Published Feb 23, 2026

Last updated 14 days ago

CVSS critical 9.8
SQL injection

Overview

Description
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.
Source
66fe30d5-b042-4547-a192-c18da4c41a81
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

66fe30d5-b042-4547-a192-c18da4c41a81
CWE-89

Social media

Hype score
Not currently trending

Related CVEs

  1. Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.CVE-2026-26891
  2. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.CVE-2026-26887
  3. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.CVE-2026-26888
  4. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.CVE-2026-26889
  5. sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.CVE-2026-26700

References

Sources include official advisories and independent security research.