compliance · MITRE
A missing authentication vulnerability was identified in jairiidriss restaurant-website-php-mysql affecting the AJAX Endpoint component at the /admin/ajax_files file. According to MITRE's National Vulnerability Database, the vulnerability allows remote manipulation without authentication. The product uses a rolling release strategy, so specific version numbers are not available; the affected commit is 521428b5b612449df0cf4a5d15ee40cba67f3d35. A public exploit is available, and the project maintainer was notified early but has not yet responded.
For organizations deploying PHP-based web applications in regulated environments, unauthenticated AJAX endpoints represent a critical control gap. Healthcare providers subject to HIPAA and fintechs handling payment data should audit any use of this library for admin-level functionality; unauthenticated administrative interfaces violate baseline access controls required by HIPAA Security Rule and PCI DSS. SaaS teams pursuing SOC2 Type II certification must ensure all administrative endpoints enforce authentication and logging. Defense contractors handling CUI should evaluate whether this component appears in any supply chain dependencies and apply compensating controls immediately. An Omniware engagement can scope a dependency audit and remediation strategy tailored to your compliance requirements.
Source: MITRE National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2026-14622
Source: MITRE
All briefings