# itsourcecode Online Frozen Foods Ordering System SQL Injection Vulnerability
## Overview
A SQL injection vulnerability has been discovered in itsourcecode Online Frozen Foods Ordering System version 1.0.
## Affected Versions
1.0
## Details
The vulnerability exists in the `/order_online.php` file because the `product_name` request parameter is used in a SQL query without adequate validation or parameterization. An attacker can manipulate this parameter to inject and execute arbitrary SQL commands against the application's database.
## Impact
The vulnerability can be exploited remotely. Publicly available exploit code increases the risk of active attacks, potentially leading to unauthorized data access, data manipulation, or database compromise.
Web-class vulnerability: Unknown
Reasoning: not given
## PoC and Source References
Title: itsourcecode Online Frozen Foods Ordering System V1.0 "/frozenfoodssystem/order_online.php" SQL injection · Issue #1 · YouSeeYouOneDayDayDe/Nick_1321_vuls (source link)
Tags: exploit, issue-tracking
Shenlong quick read:
- **Product Name**: Online Frozen Foods Ordering System
- **Vendor Homepage**: https://itsourcecode.com/free-projects/php-project/online-frozen-foods-ordering-system-source-code/
- **Affected Version**: V1.0
- **Submitter**: Nick_1321
- **Vulnerable File**: /frozenfoodssystem/order_online.php
- **Vulnerability Type**: SQL injection
- **Root Cause**: The `product_name` parameter received by `/frozenfoodssystem/order_online.php` is not validated or parameterized before it is used in a SQL query, so attacker-controlled input becomes part of the query text.
- **Impact**: An attacker can use the injection to read data without authorization, leak sensitive information, tamper with data, potentially extend control over the system, or interrupt service, which is a serious threat to system security and business continuity.
- **Vulnerability Details**:
  - Payload: `quantity=1&product_name=ARGINTINA+HOTDOG'||(SELECT 0x4e455854 FROM(SELECT 1,2,SLEEP(1),4)T)--` (the single quote terminates the string literal, and `SLEEP(1)` inside the injected derived table delays the response by about one second, which is the time-based blind oracle)
- **Suggested Repair**:
1. Use prepared statements and parameter binding.
2. Input validation and filtering.
3. Minimize database user permissions.
4. Regular security audits.
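As an added example (not code from the project or from the issue reporter), the vulnerable pattern the advisory describes is shown beside the prepared-statement fix from repair item 1 and the input validation from item 2, written for the PHP/MySQL stack this application uses. The table and column names (`products`, `id`, `product_name`, `price`), the `$conn` mysqli handle, the function names and the database user name are assumptions; the real `order_online.php` schema and handler layout may differ.

```php
<?php
// Added example, not the project's own code. Assumed schema: a MySQL table
// `products` (id INT, product_name VARCHAR, price DECIMAL). `$conn` is an
// open mysqli connection created by the caller.

// Vulnerable pattern described in the advisory: the request parameter is
// spliced into the SQL text, so a quote in product_name changes the query.
// With the published payload, MySQL evaluates SLEEP(1) inside the injected
// subquery and the response is delayed by about one second.
function findProductVulnerable(mysqli $conn, string $productName): ?array
{
    $sql = "SELECT id, product_name, price FROM products "
         . "WHERE product_name = '" . $productName . "'";
    $result = $conn->query($sql);           // DO NOT use: injectable
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened form (suggested repair item 1): a prepared statement with the
// value bound as a parameter. The server receives the query shape and the
// data separately, so the payload is only an ordinary string that matches
// no product; SLEEP() is never parsed as SQL.
function findProductSafe(mysqli $conn, string $productName): ?array
{
    $stmt = $conn->prepare(
        'SELECT id, product_name, price FROM products WHERE product_name = ?'
    );
    if ($stmt === false) {                  // older PHP returns false instead of throwing
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('s', $productName);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Suggested repair item 2: validate the other request parameter before it
// reaches SQL or order logic. quantity must be a positive integer.
function readQuantity(array $request): int
{
    $qty = filter_var(
        $request['quantity'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]
    );
    if ($qty === false) {
        http_response_code(400);
        exit('invalid quantity');
    }
    return $qty;
}

// Usage sketch for the order handler (assumed layout, not the project's code):
// $conn = new mysqli('localhost', 'frozenfoods_app', $dbPassword, 'frozenfoods');
// $conn->set_charset('utf8mb4');
// $qty = readQuantity($_POST);
// $product = findProductSafe($conn, (string)($_POST['product_name'] ?? ''));
// if ($product === null) { http_response_code(404); exit('unknown product'); }
```

Binding the parameter is the fix; escaping with `mysqli_real_escape_string()` is not a substitute, because it depends on the connection charset and on every call site remembering to use it. Repair item 3 applies to the `frozenfoods_app` user in the sketch: grant it only `SELECT` on `products` and `INSERT` on the order tables, so that even a missed injection point cannot read other databases or use `FILE` privileges.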
Title: Itsourcecode.com - Partner In Your Coding Journey! (source link)
Tags: product
Title: Submit #736332: itsourcecode Online Frozen Foods Ordering System V1.0 SQL Injection (source link)
Tags: third-party-advisory
Shenlong quick read:
Key vulnerability information taken from the submission page, in Markdown:
```md
## Vulnerability Information
- **Title**: itsourcecode Online Frozen Foods Ordering System V1.0 SQL Injection
- **Description**:
  - During the security review of "Online Frozen Foods Ordering System", a critical SQL injection vulnerability was found in the "/frozenfoodssystem/order_online.php" file.
  - The vulnerability arises from insufficient user input validation of the 'product_name' parameter, allowing attackers to inject malicious SQL queries.
  - As a result, attackers can gain unauthorized access to databases, modify or delete data, and access sensitive information.
- **Source**: https://github.com/YouSeeYouOneDayDayDe/Nick_1321_vuls/issues/1
- **User**: Nick_1321 (UID 94387)
- **Submission Date**: 01/11/2026 03:55 PM (8 days ago)
- **Moderation Date**: 01/18/2026 09:24 PM (7 days later)
- **Status**: Accepted
- **VulDB Entry**: 2341753 [itsourcecode Online Frozen Foods Ordering System 1.0 /order_online.php product_name sql injection]
- **Points**: 20
```