18 matches found
CVE-2024-5636
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to SQL injection. The attack may be launched remotely. The...
Cross-site scripting
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument resid leads to cross-site scripting. The attack may be launched remotely. The...
CVE-2023-1460
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=saveuser of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to...
CVE-2023-1311
CVE-2023-1311: Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0, specifically in the file large.php under the GET Parameter Handler. The manipulation of the GET parameter id leads to SQL injection. The issue can be exploited remotely and the exploit has been ...
CVE-2023-27211
A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...
CVE-2023-27208
A cross-site scripting (XSS) vulnerability affects Online Pizza Ordering System 1.0, exploitable via /php-opos/login.php where an attacker can inject a crafted payload into the redirect parameter to execute arbitrary web scripts or HTML. The vulnerability is documented across multiple sources (e....
CVE-2023-0987
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed...
Cross-site scripting
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed...
SQL injection
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0...
CVE-2022-3714
A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/vieworder. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. VDB-2123...
Cross-site scripting
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo " leads to cross-site scripting. It is possible to launch the attack remotely but it...
CVE-2022-30797
CVE-2022-30797 affects Online Ordering System 1.0 (admin/vieworders.php) and is caused by an SQL injection vulnerability. Affected component is the web application's admin view orders interface; the root cause is improper input handling/validation on that page. Documented impact includes potentia...
CVE-2021-28294
CVE-2021-28294 affects Online Ordering System 1.0. The vulnerability is an arbitrary file upload via the endpoint /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). Several connected sources corroborate the RCE risk and the specific upload vector; an expl...
Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated); Exploit Author: Suraj Bhosale; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html; Version: v1.0; Vulnerable endpoint:...
Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Vulnerability
Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution; Exploit Author: Suraj Bhosale; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html; Version: 1.0; Tested on Windows...
CVE-2007-0144
The CVE-2007-0144 entry documents a Cross-site scripting (XSS) vulnerability in search.asp of Digitizing Quote And Ordering System 1.0. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. The NVD notes a MEDIUM base score (6.8) with n...
CVE-2006-6911
SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter...
CVE-2007-0144
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter...