Lucene search
K
FabianSimple Food Ordering System

14 matches found

CVE
CVE
added 2025/06/17 4:31 a.m.35 views

CVE-2025-6161

CVE-2025-6161 affects SourceCodester Simple Food Ordering System 1.0. The vulnerability exists in an unknown function within the file /editproduct.php where manipulation of the photo parameter enables unrestricted file upload. The issue is remote and has public exploits disclosed. Multiple feeds ...

9.8CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2025/10/11 7:2 p.m.27 views

CVE-2025-11612

CVE-2025-11612 affects the Simple Food Ordering System 1.0, specifically the /addproduct.php script. The root cause is a lack of validation of the Category parameter, allowing an SQL injection that can be exploited remotely. Public exploit details exist. Several connected sources corroborate the ...

8.8CVSS6.8AI score0.00309EPSS
CVE
CVE
added 2025/10/11 7:32 p.m.19 views

CVE-2025-11613

The CVE-2025-11613 issue affects the Simple Food Ordering System (version 1.0), specifically the /addcategory.php file. Reports consistently identify a SQL injection vulnerability arising from unsafely handling the cname parameter, enabling remote exploitation. Public exploit details are noted in...

8.8CVSS6.7AI score0.00309EPSS
CVE
CVE
added 2025/10/27 5:32 p.m.18 views

CVE-2025-12300

The CVE-2025-12300 entry concerns code-projects Simple Food Ordering System 1.0. A cross-site scripting vulnerability exists in the /addcategory.php handler via the cname parameter, originating from insufficient input filtering/escaping. Exploitation is remote and public in some reports. Affected...

6.1CVSS4.1AI score0.00356EPSS
CVE
CVE
added 2025/09/23 4:2 a.m.17 views

CVE-2025-10837

The CVE-2025-10837 entry concerns code-projects Simple Food Ordering System 1.0. Affects the file /ordersimple/order.php, where manipulation of the ID parameter enables cross-site scripting (XSS). The attack can be initiated remotely, and the exploit has been publicly disclosed. The connected sou...

5.4CVSS5.3AI score0.00219EPSS
Web
CVE
CVE
added 2025/10/11 12:32 p.m.17 views

CVE-2025-11600

The CVE-2025-11600 entry corresponds to a SQL injection in code-projects Simple Food Ordering System 1.0, specifically in the editcategory.php file where the cname parameter is not validated. This vulnerability enables remote attackers to manipulate SQL statements via the cname argument, potentia...

8.8CVSS6.7AI score0.00308EPSS
CVE
CVE
added 2025/10/11 1:32 p.m.16 views

CVE-2025-11603

The CVE-2025-11603 entry concerns code-projects’ Simple Food Ordering System 1.0. A SQL injection vulnerability exists in the file /editproduct.php, triggered by manipulating the Category parameter. Multiple connected sources confirm a remote attacker could exploit this publicly disclosed vulnera...

8.8CVSS6.5AI score0.00351EPSS
CVE
CVE
added 2025/10/27 6:2 p.m.16 views

CVE-2025-12302

The CVE-2025-12302 entry concerns code-projects Simple Food Ordering System 1.0, with a cross-site scripting vulnerability in /editproduct.php. The flaw arises from unsafely handling user-supplied data in the pname, category, and price parameters, enabling injected script through these fields. Re...

6.1CVSS4.2AI score0.00351EPSS
Web
CVE
CVE
added 2025/10/28 5:32 a.m.16 views

CVE-2025-12378

The CVE-2025-12378 entry corresponds to a vulnerability in code-projects Simple Food Ordering System 1.0, specifically in the upload handling of the parameter photo via /addproduct.php. The issue arises from lack of validation of uploaded files, allowing unrestricted upload when manipulating the ...

9.8CVSS7.2AI score0.00479EPSS
CVE
CVE
added 2025/10/07 1:2 p.m.15 views

CVE-2025-11396

The CVE-2025-11396 entry concerns code-projects Simple Food Ordering System 1.0. A SQL injection can be triggered in the file /product.php by manipulating the Category argument (unknown function), with remote exploitation and public exploits reported. This is supported by multiple connected sourc...

9.8CVSS6.8AI score0.00441EPSS
CVE
CVE
added 2025/10/27 5:2 p.m.15 views

CVE-2025-12299

CVE-2025-12299 affects code-projects Simple Food Ordering System 1.0. The vulnerability is a cross-site scripting flaw in /addproduct.php, triggered by manipulating the pname, category, or price parameters. It can be exploited remotely, and multiple sources note that public exploits exist. Report...

6.1CVSS5.6AI score0.00356EPSS
Web
CVE
CVE
added 2025/10/27 5:2 p.m.14 views

CVE-2025-12298

The CVE-2025-12298 entry concerns code-projects’ Simple Food Ordering System 1.0, with a cross-site scripting (XSS) flaw in /editcategory.php via the pname parameter. Public exploitation is indicated across multiple connected sources (CNVD, RH, NVD, CVE list, etc.), suggesting remote initiation a...

6.1CVSS5.4AI score0.00351EPSS
CVE
CVE
added 2025/11/17 4:32 p.m.14 views

CVE-2025-13290

The CVE-2025-13290 issue affects Code-Projects Simple Food Ordering System 1.0, specifically the /saveorder.php file. The vulnerability is a SQL injection caused by improper handling of the ID argument, enabling remote exploitation. Publicly disclosed exploits exist. Connected sources do not prov...

8.8CVSS6.4AI score0.00276EPSS
CVE
CVE
added 2025/10/27 5:32 p.m.13 views

CVE-2025-12301

CVE-2025-12301 affects the Simple Food Ordering System 1.0, specifically the file /editproduct.php where the photo parameter can be manipulated to trigger an unrestricted file upload vulnerability. The connected documents describe a lack of validation on uploaded files and indicate the issue can ...

9.8CVSS7.2AI score0.00479EPSS