29 matches found
CVE-2023-24192
CVE-2023-24192 affects Online Food Ordering System v2. A cross-site scripting (XSS) vulnerability exists in the login.php redirect parameter due to insufficient input validation/escaping. The CVSS 3.1 base metrics indicate NETWORK attack vector, LOW attack complexity, NONE privileges required, bu...
CVE-2023-24195
CVE-2023-24195 affects Online Food Ordering System v2. The issue is a cross-site scripting (XSS) vulnerability exploitable via the page parameter in index.php, caused by lack of proper filtering/escaping of user-supplied data. According to the CVE details, it has a CVSS v3.1 base score of 6.1 (ME...
CVE-2022-29651
The CVE-2022-29651 entry pertains to Online Food Ordering System v1.0, where an arbitrary file upload vulnerability in the Select Image feature can be exploited by uploading a crafted PHP file to achieve remote code execution. Available sources (NVD/NIST, Red Hat, CNVD, CVE listings) confirm the ...
CVE-2023-24194
CVE-2023-24194 affects Online Food Ordering System v2. A cross-site scripting (XSS) vulnerability exists in the navbar.php page parameter, enabling injection of malicious scripts. Core details: the flaw is tied to the page parameter handling in navbar.php; CVSS 3.1 base score 6.1 (MEDIUM) with us...
CVE-2023-24191
CVE-2023-24191 affects Online Food Ordering System v2, with a cross-site scripting (XSS) vulnerability triggered by the redirect parameter in signup.php. The CVSS 3.1 vector indicates Network attack, Low attack complexity, No privileges, User interaction required, and a Changed scope with Low imp...
CVE-2023-24647
Summary of CVE-2023-24647 (Food Ordering System v2.0) : A SQL injection vulnerability exists in the email parameter of Food Ordering System v2.0. The issue enables unauthorized disclosure of data, with a CVSS v3.1 base score of 7.5 (Impact: Confidentiality High; Integrity/Availability: None). Con...
CVE-2022-29650
The CVE-2022-29650 entry concerns Online Food Ordering System v1.0 and a SQL injection in the /online-food-order/food-search.php search parameter. The vulnerability is introduced via the Search input, enabling SQL injection attacks that could affect confidentiality, integrity, and availability ac...
CVE-2023-1432
SourceCodester Online Food Ordering System 2.0 has a vulnerability in the POST Request Handler, specifically the file path /fos/admin/ajax.php?action=save_settings. The issue is an improper access control in this endpoint, which could allow a remote attacker to exploit it without authentication. ...
CVE-2022-36759
CVE-2022-36759 affects Online Food Ordering System v1.0 with a SQL injection in the /dishes.php?res_id= parameter. The NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, low complexity, and no privileges/UI required, impacting confidentiality, integrity, and avai...
CVE-2023-0256
SourceCodester Online Food Ordering System 2.0 has a SQL injection vulnerability in the login API endpoint /fos/admin/ajax.php?action=login, caused by unsafely handling the Username parameter. This can be exploited remotely without user interaction. Affected component: Login Page, specifically th...
CVE-2023-27073
CVE-2023-27073 affects Online Food Ordering System version 1.0. The connected documents corroborate a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change user details and credentials via a crafted POST request. The issue stems from CSRF exposure in the application, w...
CVE-2023-0257
CVE-2023-0257 affects SourceCodester Online Food Ordering System 2.0, specifically the Menu Form at /fos/admin/index.php?page=menu. The vulnerability stems from unrestricted file upload via the Image parameter, where input like can be used to upload and execute code remotely. Exploitation is rep...
CVE-2025-2387
SourceCodester Online Food Ordering System 2.0 contains a remote SQL injection in /admin/ajax.php?action=add_to_cart triggered by manipulating pid. The affected component is an unknown function, and the vulnerability is disclosed publicly, enabling exploitation without credentials. The CVE notes ...
CVE-2023-0258
The CVE-2023-0258 issue affects SourceCodester Online Food Ordering System v2.0, specifically the Category List Handler component. The root cause is improper handling of the Reason parameter, where input such as >" can trigger cross-site scripting. The PT-2023-16118 advisory confirms remote ex...
CVE-2023-0332
CVE-2023-0332 affects SourceCodester Online Food Ordering System 2.0. An SQL injection vulnerability exists in an unknown function of admin/manage_user.php where manipulating the id parameter enables a remote attack. The NVD entry lists a Critical severity (CVSSv3.1 base score 9.8) with network a...
CVE-2023-30122
CVE-2023-30122 describes an arbitrary file upload vulnerability in the Online Food Ordering System v2.0, specifically in the component /admin/ajax.php?action=save_menu. The underlying issue allows an attacker to upload a crafted PHP file and execute arbitrary code on the server. The public-facing...
CVE-2020-29297
CVE-2020-29297 : Multiple SQL injection vulnerabilities affect the tourist5 Online-food-ordering-system 1.0. Public data in the connected documents identify the flaw as unsafe SQL query construction leading to unauthorized data access and manipulation. The CVSSv3.1 base metrics are high (9.8, CRI...
CVE-2021-41644
CVE-2021-41644 affects Sourcecodester Online Food Ordering System 2.0. The vulnerability allows remote code execution through a maliciously crafted PHP file that bypasses image upload filters, enabling an attacker to upload and execute code. NVD reports high to critical severity (CVSS v2 7.5; v3....
CVE-2024-0247
CVE-2024-0247 affects CodeAstro Online Food Ordering System v1.0, specifically the Admin Panel’s unknown code in the /admin/ path. The vulnerability is a SQL injection triggered by manipulating the Username parameter in the Admin Panel, with remote exploitation and public disclosure of the exploi...
CVE-2023-24197
CVE-2023-24197 concerns Online Food Ordering System v2, where a SQL injection exists in the view_order.php endpoint via the id parameter. The root cause is insufficient validation of externally supplied SQL statements, allowing potentially unauthorized database access and data exposure as indicat...
CVE-2024-8604
CVE-2024-8604 affects SourceCodester Online Food Ordering System 2.0, specifically the Create an Account Page index.php. The root cause is input handling on the First Name/Last Name fields, where manipulation can trigger cross-site scripting. Exploitation is described as remote and without need f...
CVE-2023-24646
CVE-2023-24646 affects Food Ordering System v2.0; the vulnerability is an arbitrary file upload via /fos/admin/ajax.php that can lead to arbitrary code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and high impact on confidentiality, integrity, and ...
CVE-2026-30534
SourceCodester Online Food Ordering System v1.0 is affected by a SQL Injection in admin/manage_category.php via the id parameter. The CVE entry provides no vendor-specific remediation in the connected docs; CVSS v3.1 base score is 8.3 (HIGH) with network attack vector, low attack complexity, priv...
CVE-2026-30530
CVE-2026-30530 is a SQL Injection flaw in SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_customer) where the username input is not properly sanitized. The issue, confirmed by NVD and corroborated by Red Hat, ENISA EUVD, CNNVD, CNNVD mirrors, and other feeds, al...
CVE-2026-30527
The CVE-2026-30527 issue affects SourceCodester Online Food Ordering System v1.0, specifically in the Category management module of the admin panel. The vulnerability is a Stored XSS arising from insufficient sanitization of the Category Name field when creating or updating categories. When an ad...
CVE-2026-30533
CVE-2026-30533 targets SourceCodester Online Food Ordering System v1.0. The vulnerability is a SQL Injection in admin/manage_product.php via the id parameter. Reported metrics show CVSS v3.1 base score 9.8 (CRITICAL, NETWORK vector, no user interaction). Affected component: admin/manage_product.p...
CVE-2026-30529
CVE-2026-30529 affects SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_user action). The vulnerability arises from improper sanitization of the username parameter, enabling an authenticated attacker to inject malicious SQL commands. Connected sources confirm the...
CVE-2026-30531
The CVE-2026-30531 entry affects SourceCodester Online Food Ordering System v1.0, specifically the Actions.php save_category action. The issue stems from improper sanitization of the name parameter, enabling SQL injection by an authenticated attacker. Impact described in the sources includes high...
CVE-2026-30532
CVE-2026-30532 describes a SQL Injection vulnerability in SourceCodester Online Food Ordering System v1.0, exposed via the admin/view_product.php file when using the id parameter. The vulnerability is documented as affecting the admin view_Product flow, with the root cause being unsafe constructi...