Simple Food Ordering System editproduct.php File Upload Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in the file /editproduct.php. No details of the vulnerability are available at this time...

CVE-2025-12302

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit ...

CVE-2025-12301

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-12301

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-12302

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit ...

CVE-2025-12302 code-projects Simple Food Ordering System editproduct.php cross site scripting

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit ...

CVE-2025-12301

CVE-2025-12301 affects the Simple Food Ordering System 1.0, specifically the file /editproduct.php where the photo parameter can be manipulated to trigger an unrestricted file upload vulnerability. The connected documents describe a lack of validation on uploaded files and indicate the issue can ...

PT-2025-43995

Name of the Vulnerable Software and Affected Versions Simple Food Ordering System version 1.0 Description A security issue exists that allows for unrestricted file upload. This occurs due to manipulation of the photo argument within an unknown function of the /editproduct.php file. The attack can...

PT-2025-44002

Name of the Vulnerable Software and Affected Versions Simple Food Ordering System version 1.0 Description A security issue exists in Simple Food Ordering System 1.0 where manipulation of the pname/category/price argument in the /editproduct.php file can lead to cross site scripting. This issue ca...

EUVD-2025-33863

A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...

EUVD-2022-37852

Malicious code in bioql PyPI...

Inventory Management System editProduct.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from improper handling of the editProductName parameter in the /phpaction/editProduct.php file. No details of the vulnerability are available at this time...

CVE-2025-6823 code-projects Inventory Management System editProduct.php sql injection

A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /phpaction/editProduct.php. The manipulation of the argument editProductName leads to sql injection. The attack may be initiated...

CVE-2024-5049

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely...

CVE-2024-7189 itsourcecode Online Food Ordering System editproduct.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has be...

CVE-2024-7189 itsourcecode Online Food Ordering System editproduct.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has be...

CVE-2024-5049 Codezips E-Commerce Site editproduct.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely...

CVE-2024-5049

CVE-2024-5049 affects Codezips E-Commerce Site 1.0. The vulnerability is in admin/editproduct.php where manipulating the profilepic parameter leads to unrestricted file upload, enabling remote abuse. The issue is tied to unknown functionality in the editproduct.php handling of profilepic, enablin...

CVE-2023-46580

CVE-2023-46580 describes a cross-site scripting (XSS) vulnerability in Inventory Management V1.0 where the pname parameter of the editProduct.php component can be exploited to run arbitrary script in the victim’s browser. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates a netwo...

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by the individual developer of stemword. A cross-site scripting vulnerability exists in Inventory Management System version V1.0 that could allow an attacker to execute arbitrary code via the pname parameter of the editProduct.php...