323 matches found
CVE-2023-45347
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45343
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticketid' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45343
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticketid' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45341
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45336
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45338
The CVE-2023-45338 entry concerns Online Food Ordering System v1.0, with multiple unauthenticated SQL Injection flaws in the routers/add-ticket.php id parameter. The root cause is insufficient input validation, sending unfiltered input to the database. Documented impact is high on confidentiality...
CVE-2023-45343 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticketid' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45343
CVE-2023-45343 : Multiple unauthenticated SQL Injection vulnerabilities affect Online Food Ordering System v1.0. The issue stems from insufficient validation of the ticket_id parameter in routers/ticket-message.php, which passes unfiltered input to the database. Public sources in the connected do...
CVE-2023-45344 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45342
CVE-2023-45342 affects Online Food Ordering System v1.0 and describes multiple unauthenticated SQL injection vulnerabilities in routers/register-router.php, caused by insufficient validation of the phone parameter, which is sent unfiltered to the database. Red Hat’s advisory mirrors the descripti...
CVE-2023-45329
Affected software: Online Food Ordering System, version 1.0. Vulnerability: unauthenticated SQL injection in routers/add-users.php; the unvalidated role parameter is sent to the database. Impact: potential for unauthorized data access/modification as described. Exploitation details: not provided ...
CVE-2023-45328
CVE-2023-45328 is rejected/not used and does not represent an active vulnerability entry.
CVE-2023-45325 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45323 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45018
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45019 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45017
The connected PT-2023-29358 entry identifies CVE-2023-45017 as an unauthenticated SQL Injection in Online Bus Booking System v1.0, caused by lack of validation on the destination parameter in search.php. This allows unfiltered input to reach the database; impact could include data disclosure or m...