CVE-2026-14622
Severity: High (CVSS 7.3)
Exploitation Probability (EPSS): Low risk, 40th percentile (higher than 40% of all known CVEs)
Summary
A missing authentication vulnerability was found in the AJAX Endpoint component of restaurant-website-php-mysql, in the file /admin/ajax_files. The endpoint can be manipulated remotely without authentication. The exploit has been publicly disclosed, which increases the risk of attack.
Risk Assessment
The organization is exposed to unauthorized access to administrative functions, potentially leading to data leakage, content manipulation, or full application compromise.
Recommendation
Immediately implement authentication for the AJAX endpoint and consider temporarily restricting access to /admin/ajax_files until an official patch is released.
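While access is being restricted, it is worth checking whether /admin/ajax_files has already been served to outside clients. The following is an added example, not code from the advisory or from the project: it triages web server access logs for requests under that path that received a 2xx response. The common/combined log format, the sample lines and the file name example.php are constructed assumptions.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

PREFIX = "/admin/ajax_files"  # path named in the advisory

# Assumed common/combined log format: ip - user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines; example.php is a placeholder file name.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "POST /admin/ajax_files/example.php HTTP/1.1" 200 15 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2026:10:00:02 +0000] "POST //admin/./ajax_files/%65xample.php?x=1 HTTP/1.1" 200 15 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2026:10:01:00 +0000] "GET /admin/ajax_files/example.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2026:10:01:05 +0000] "GET /admin/ajax_files_backup/x HTTP/1.1" 200 5 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2026:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 5 "-" "Mozilla/5.0"',
]

def normalize(target):
    """Canonicalize a request target so that variants such as
    //admin/./ajax_files or %61jax_files compare equal to PREFIX."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    path = unquote(path)                             # decode %xx escapes
    # normpath collapses duplicate slashes and resolves "." and ".." segments
    return posixpath.normpath("/" + path.lstrip("/"))

def served_hits(lines):
    """Count requests under PREFIX answered with 2xx, keyed by
    (client ip, method, normalized path). Legitimate admin sessions also
    appear here, so compare the client addresses with known admin hosts."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, method, target, status = m.groups()
        path = normalize(target)
        under_prefix = path == PREFIX or path.startswith(PREFIX + "/")
        if under_prefix and status.startswith("2"):
            hits[(ip, method, path)] += 1
    return hits

if __name__ == "__main__":
    for (ip, method, path), count in served_hits(SAMPLE).items():
        print(count, ip, method, path)
```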
Original NVD description (English source)
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

