14 matches found
CVE-2025-6161
CVE-2025-6161 affects SourceCodester Simple Food Ordering System 1.0. The vulnerability exists in an unknown function within the file /editproduct.php where manipulation of the photo parameter enables unrestricted file upload. The issue is remote and has public exploits disclosed. Multiple feeds ...
CVE-2025-11612
CVE-2025-11612 affects the Simple Food Ordering System 1.0, specifically the /addproduct.php script. The root cause is a lack of validation of the Category parameter, allowing an SQL injection that can be exploited remotely. Public exploit details exist. Several connected sources corroborate the ...
CVE-2025-11613
The CVE-2025-11613 issue affects the Simple Food Ordering System (version 1.0), specifically the /addcategory.php file. Reports consistently identify a SQL injection vulnerability arising from unsafely handling the cname parameter, enabling remote exploitation. Public exploit details are noted in...
CVE-2025-12300
The CVE-2025-12300 entry concerns code-projects Simple Food Ordering System 1.0. A cross-site scripting vulnerability exists in the /addcategory.php handler via the cname parameter, originating from insufficient input filtering/escaping. Exploitation is remote and public in some reports. Affected...
CVE-2025-10837
The CVE-2025-10837 entry concerns code-projects Simple Food Ordering System 1.0. Affects the file /ordersimple/order.php, where manipulation of the ID parameter enables cross-site scripting (XSS). The attack can be initiated remotely, and the exploit has been publicly disclosed. The connected sou...
CVE-2025-11600
The CVE-2025-11600 entry corresponds to a SQL injection in code-projects Simple Food Ordering System 1.0, specifically in the editcategory.php file where the cname parameter is not validated. This vulnerability enables remote attackers to manipulate SQL statements via the cname argument, potentia...
CVE-2025-11603
The CVE-2025-11603 entry concerns code-projects’ Simple Food Ordering System 1.0. A SQL injection vulnerability exists in the file /editproduct.php, triggered by manipulating the Category parameter. Multiple connected sources confirm a remote attacker could exploit this publicly disclosed vulnera...
CVE-2025-12302
The CVE-2025-12302 entry concerns code-projects Simple Food Ordering System 1.0, with a cross-site scripting vulnerability in /editproduct.php. The flaw arises from unsafely handling user-supplied data in the pname, category, and price parameters, enabling injected script through these fields. Re...
CVE-2025-12378
The CVE-2025-12378 entry corresponds to a vulnerability in code-projects Simple Food Ordering System 1.0, specifically in the upload handling of the parameter photo via /addproduct.php. The issue arises from lack of validation of uploaded files, allowing unrestricted upload when manipulating the ...
CVE-2025-11396
The CVE-2025-11396 entry concerns code-projects Simple Food Ordering System 1.0. A SQL injection can be triggered in the file /product.php by manipulating the Category argument (unknown function), with remote exploitation and public exploits reported. This is supported by multiple connected sourc...
CVE-2025-12299
CVE-2025-12299 affects code-projects Simple Food Ordering System 1.0. The vulnerability is a cross-site scripting flaw in /addproduct.php, triggered by manipulating the pname, category, or price parameters. It can be exploited remotely, and multiple sources note that public exploits exist. Report...
CVE-2025-12298
The CVE-2025-12298 entry concerns code-projects’ Simple Food Ordering System 1.0, with a cross-site scripting (XSS) flaw in /editcategory.php via the pname parameter. Public exploitation is indicated across multiple connected sources (CNVD, RH, NVD, CVE list, etc.), suggesting remote initiation a...
CVE-2025-13290
The CVE-2025-13290 issue affects Code-Projects Simple Food Ordering System 1.0, specifically the /saveorder.php file. The vulnerability is a SQL injection caused by improper handling of the ID argument, enabling remote exploitation. Publicly disclosed exploits exist. Connected sources do not prov...
CVE-2025-12301
CVE-2025-12301 affects the Simple Food Ordering System 1.0, specifically the file /editproduct.php where the photo parameter can be manipulated to trigger an unrestricted file upload vulnerability. The connected documents describe a lack of validation on uploaded files and indicate the issue can ...