CVE-2026-24494

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

CVE-2026-24494

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

CVE-2026-24494

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

PT-2026-21487

Name of the Vulnerable Software and Affected Versions Order Up Online Ordering System version 1.0 Description A SQL Injection flaw exists in the /api/integrations/getintegrations API endpoint of Order Up Online Ordering System 1.0. An unauthenticated attacker can exploit this issue by sending a...

CVE-2025-15213 code-projects Student File Management System File Download download.php improper authorization

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...