CVE-2023-45341

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45345 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-45344 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

PT-2023-29523 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The Online Food Ordering System is affected by multiple Unauthenticated SQL Injection vulnerabilities. The issue arises from the verified parameter of the routers/user-router.php resource,...

Geeklog router.php cross-site scripting vulnerability

Geeklog is free and open source blogging software. A cross-site scripting vulnerability exists in Geeklog router.php due to an incorrect validation of user-supplied input by the publichtml/admin/router.php script. An attacker could exploit the vulnerability to steal the victim's cookie-based...

CVE-2023-37787

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...

CVE-2022-3332 SourceCodester Food Ordering Management System POST Parameter router.php sql injection

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the...

Sql injection

router.php in the Harmis Ek rishta aka ek-rishta 2.10 component for Joomla! allows SQL Injection via the PATHINFO to a home/requesteduser/Sent%20interest/ URI...

doobia.com XSS vulnerability

Vulnerable URL: https://doobia.com/investors-den/news-router.php?read=1"...

LotusCMS v3.0 /core/lib/router.php 代码执行漏洞

No description provided by source...

Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if...

Lotus CMS Fraise 3.0 Local File Inclusion / Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...

Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...