15 matches found
CVE-2022-2686
CVE-2022-2686 affects oretnom23 Fast Food Ordering System, with the vulnerability in the Menu List Page where the Description argument can be manipulated to trigger cross-site scripting. The issue can be exploited remotely, and public exploitation details have been disclosed (VDB-205725). Several...
CVE-2022-32318
The Connected documents confirm a persistent cross-site scripting (XSS) vulnerability in Fast Food Ordering System v1.0, exploitable via the request parameter in /ffos/classes/Master.php?f=save_category. The CVE entry (CVE-2022-32318) identifies the affected product as Fast Food Ordering System v...
CVE-2022-32332
Fast Food Ordering System v1.0 is vulnerable to SQL Injection in Master.php?f=delete_category due to missing input validation, enabling attackers to manipulate queries and potentially access or exfiltrate data. The sources do not provide a published patch/version for remediation or explicit explo...
CVE-2022-32336
CVE-2022-32336 concerns the Fast Food Ordering System v1.0, which is vulnerable to SQL Injection via the parameter id in /ffos/admin/menus/view_menu.php. The connected documents corroborate a lack of input validation that allows arbitrary SQL execution against the database, enabling data leakage ...
CVE-2022-32333
CVE-2022-32333 affects Fast Food Ordering System v1.0. The vulnerability is a SQL Injection in the admin receipt page, disclosed as /ffos/admin/sales/receipt.php?id=. The connected sources confirm a database query manipulation vector exposing Partial/High impact possibilities (per CVSS data, with...
CVE-2022-32328
CVE-2022-32328 affects Fast Food Ordering System v1.0. The vulnerability is an arbitrary file deletion issue exploitable through the API endpoint /ffos/classes/Master.php?f=delete_img due to insufficient input/permission validation in the delete_img function. Impact statements in sources indicate...
CVE-2022-1991
CVE-2022-1991 affects Fast Food Ordering System 1.0, targeting the Master.php Master List. The issue is a cross-site scripting (XSS) vulnerability caused by unsanitized input in the Description parameter (example payload: foo "'>). Exploitation is possible remotely but requires authentication....
CVE-2022-32330
The CVE-2022-32330 entry concerns Fast Food Ordering System v1.0, where a SQL Injection vulnerability exists in Master.php?f=delete_menu. The connected documents clearly identify the affected application/file path and the underlying flaw (input for SQL statements not being validated), indicating ...
CVE-2022-3012
CVE-2022-3012 concerns the oretnom23 Fast Food Ordering System. Multiple connected sources confirm a vulnerability in the ffos/admin/reports/index.php component where manipulating the date parameter enables SQL injection. The flaw is exploitable remotely and has been publicly disclosed. Documents...
CVE-2022-3015
CVE-2022-3015 affects oretnom23 Fast Food Ordering System, specifically the admin/?page=reports handling. The root cause is manipulation of the date parameter, enabling cross-site scripting (XSS). The vulnerability is exploitable remotely; attack complexity is low and no privileges are required, ...
CVE-2022-32331
CVE-2022-32331 affects Fast Food Ordering System v1.0. The issue is a SQL Injection in /ffos/admin/categories/view_category.php?id=, caused by unsanitized external input in the query. The CVE is corroborated by multiple sources (NVD, Red Hat, CNVD, CNVD-derived CNVD-2022-48950, and others) listin...
CVE-2022-32334
CVE-2022-32334 affects Fast Food Ordering System v1.0. The vulnerability is an SQL injection in /ffos/admin/categories/manage_category.php?id= due to lack of input validation for the id parameter. Documented impact is SQL data access/exfiltration via the vulnerable parameter (high severity per CV...
CVE-2022-32335
CVE-2022-32335 affects the Fast Food Ordering System v1.0. The vulnerability is a SQL Injection in /ffos/admin/menus/manage_menu.php?id=, caused by lack of input validation for external SQL statements. Exploitation could allow attackers to access or manipulate database data. Documented impacts ar...
CVE-2022-43082
CVE-2022-43082 describes an XSS vulnerability in the Fast Food Ordering System v1.0, exploitable via the customer parameter in /fastfood/purchase.php. The issue is tied to the /fastfood/purchase.php endpoint, with the root cause implied as improper handling of user-supplied input. Affected compon...
CVE-2022-43081
CVE-2022-43081 concerns the product Fast Food Ordering System v1.0 , with a documented vulnerability in the /fastfood/purchase.php component that enables a SQL injection . The connected sources consistently identify this issue as a SQL injection affecting the purchase endpoint; no explicit exploi...