
35 matches found

OSV
added 2026/04/14 11:18 p.m. · 2 views

GHSA-FF5Q-CC22-FGP4 WWBN AVideo has a CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) Exposes Authenticated API Responses

Summary: The CORS origin validation fix in commit 986e64aad is incomplete. Two separate code paths still reflect arbitrary Origin headers with credentials allowed for all /api/ endpoints: (1) plugin/API/router.php lines 4-8 unconditionally reflect any origin before application code runs, and (2)...

CVSS 7.1 · AI score 6.1 · EPSS 0.00029
Exploits: 1 · References: 4
CVE
added 2026/03/28 10:30 p.m. · 5 views

CVE-2026-5018

CVE-2026-5018 concerns code-projects Simple Food Order System 1.0. The vulnerability lies in an unknown function within the Parameter Handler’s register-router.php, where manipulating the Name argument can cause SQL injection. The attack is remote, and exploit code is publicly available. Several ...

CVSS 9.8 · AI score 6.9 · EPSS 0.00043
Exploits: 1 · References: 5 · Affected Software: 1
RedhatCVE
added 2026/01/09 8:58 a.m. · 5 views

CVE-2023-45346

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 8.3 · EPSS 0.00097
Exploits: 1 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-4232

Malware in sbrugna...

CVSS 8.8 · AI score 8.7 · EPSS 0.00365
Exploits: 5 · References: 4
RedhatCVE
added 2025/05/23 4:5 a.m. · 2 views

CVE-2023-37787

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

CVSS 4.8 · AI score 6 · EPSS 0.00087
Exploits: 1
RedhatCVE
added 2025/05/23 3:39 a.m. · 4 views

CVE-2023-45341

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 8.3 · EPSS 0.00085
Exploits: 1
RedhatCVE
added 2025/05/22 10:10 p.m. · 4 views

CVE-2022-3332

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the...

CVSS 9.8 · AI score 7.4 · EPSS 0.00243
Exploits: 1 · References: 1
NVD
added 2025/05/11 10:15 p.m. · 22 views

CVE-2025-4548

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 · EPSS 0.00204
Exploits: 1 · References: 5
Vulnrichment
added 2025/05/11 10:0 p.m. · 7 views

CVE-2025-4549 Campcodes Online Food Ordering System register-router.php sql injection

A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5 · AI score 7.6 · EPSS 0.00204
Exploits: 1 · References: 5
Cvelist
added 2025/05/11 9:31 p.m. · 25 views

CVE-2025-4548 Campcodes Online Food Ordering System router.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.5 · EPSS 0.00204
Exploits: 1 · References: 5
Positive Technologies
added 2025/05/11 12:0 a.m. · 2 views

PT-2025-20670 · Unknown · Campcodes Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Food Ordering System version 1.0 Description: A critical vulnerability has been found in the Campcodes Online Food Ordering System. This issue affects an unknown part of the file /routers/router.php and allows for SQL injecti...

CVSS 9.8 · AI score 7.4 · EPSS 0.00204
Exploits: 1 · References: 14
CVE
added 2025/05/10 4:0 p.m. · 62 views

CVE-2025-4506

CVE-2025-4506 affects Campcodes Online Food Ordering System 1.0. The vulnerability is a SQL injection in the file /routers/menu-router.php, triggered by manipulating the argument 1_price. It is exposed remotely and has been publicly disclosed. Several connected sources corroborate the issue and t...

CVSS 9.8 · AI score 7.5 · EPSS 0.00204
Exploits: 1 · References: 5 · Affected Software: 1
Cvelist
added 2025/05/10 4:0 p.m. · 21 views

CVE-2025-4506 Campcodes Online Food Ordering System menu-router.php sql injection

A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1price leads to sql injection. The attack may be launched remotely. Th...

CVSS 7.5 · EPSS 0.00204
Exploits: 1 · References: 5
Vulnrichment
added 2025/05/10 4:0 p.m. · 5 views

CVE-2025-4506 Campcodes Online Food Ordering System menu-router.php sql injection

A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1price leads to sql injection. The attack may be launched remotely. Th...

CVSS 7.5 · AI score 7.5 · EPSS 0.00204
Exploits: 1 · References: 5
Positive Technologies
added 2025/05/10 12:0 a.m. · 1 views

PT-2025-20632 · Unknown · Campcodes Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Food Ordering System version 1.0 Description: A critical issue was found in the Campcodes Online Food Ordering System, affecting some unknown functionality of the file /routers/menu-router.php. The manipulation of the argumen...

CVSS 9.8 · AI score 7.4 · EPSS 0.00204
Exploits: 1 · References: 12
Cvelist
added 2025/05/09 8:31 p.m. · 17 views

CVE-2025-4489 Campcodes Online Food Ordering System user-router.php sql injection

A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1verified leads to sql injection. The attack may be launched remotely...

CVSS 7.5 · EPSS 0.00204
Exploits: 1 · References: 5
Positive Technologies
added 2025/05/09 12:0 a.m. · 2 views

PT-2025-20596 · Unknown · Campcodes Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Food Ordering System version 1.0 Description: A critical issue affects some unknown functionality of the file /routers/user-router.php, where the manipulation of the t1 verified argument leads to SQL injection. This issue can...

CVSS 9.8 · AI score 7.5 · EPSS 0.00204
Exploits: 1 · References: 10
Cvelist
added 2024/06/21 2:0 a.m. · 19 views

CVE-2024-6217 SourceCodester Food Ordering Management System user-router.php sql injection

A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. Affected by this vulnerability is an unknown functionality of the file user-router.php. The manipulation of the argument 1verified leads to sql injection. The attack can be launched remotely. T...

CVSS 6.5 · EPSS 0.00097
Exploits: 1 · References: 4
NVD
added 2023/11/02 3:15 p.m. · 8 views

CVE-2023-45345

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 10 · EPSS 0.00097
Exploits: 1 · References: 2
Prion
added 2023/11/02 3:15 p.m. · 33 views

Sql injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 7.5 · AI score 9.9 · EPSS 0.00097
Exploits: 1 · References: 2 · Affected Software: 1