Lucene search
+L
Oretnom23Online Food Ordering System

29 matches found

CVE
CVE
added 2023/02/06 12:0 a.m.123 views

CVE-2023-24192

CVE-2023-24192 affects Online Food Ordering System v2. A cross-site scripting (XSS) vulnerability exists in the login.php redirect parameter due to insufficient input validation/escaping. The CVSS 3.1 base metrics indicate NETWORK attack vector, LOW attack complexity, NONE privileges required, bu...

6.1CVSS6AI score0.00486EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.120 views

CVE-2023-24195

CVE-2023-24195 affects Online Food Ordering System v2. The issue is a cross-site scripting (XSS) vulnerability exploitable via the page parameter in index.php, caused by lack of proper filtering/escaping of user-supplied data. According to the CVE details, it has a CVSS v3.1 base score of 6.1 (ME...

6.1CVSS6AI score0.00486EPSS
CVE
CVE
added 2022/05/25 12:50 p.m.119 views

CVE-2022-29651

The CVE-2022-29651 entry pertains to Online Food Ordering System v1.0, where an arbitrary file upload vulnerability in the Select Image feature can be exploited by uploading a crafted PHP file to achieve remote code execution. Available sources (NVD/NIST, Red Hat, CNVD, CVE listings) confirm the ...

7.2CVSS7.2AI score0.01434EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.115 views

CVE-2023-24194

CVE-2023-24194 affects Online Food Ordering System v2. A cross-site scripting (XSS) vulnerability exists in the navbar.php page parameter, enabling injection of malicious scripts. Core details: the flaw is tied to the page parameter handling in navbar.php; CVSS 3.1 base score 6.1 (MEDIUM) with us...

6.1CVSS6AI score0.00486EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.114 views

CVE-2023-24191

CVE-2023-24191 affects Online Food Ordering System v2, with a cross-site scripting (XSS) vulnerability triggered by the redirect parameter in signup.php. The CVSS 3.1 vector indicates Network attack, Low attack complexity, No privileges, User interaction required, and a Changed scope with Low imp...

6.1CVSS6AI score0.00486EPSS
CVE
CVE
added 2023/02/13 12:0 a.m.80 views

CVE-2023-24647

Summary of CVE-2023-24647 (Food Ordering System v2.0) : A SQL injection vulnerability exists in the email parameter of Food Ordering System v2.0. The issue enables unauthorized disclosure of data, with a CVSS v3.1 base score of 7.5 (Impact: Confidentiality High; Integrity/Availability: None). Con...

7.5CVSS7.8AI score0.00736EPSS
CVE
CVE
added 2022/05/25 12:50 p.m.72 views

CVE-2022-29650

The CVE-2022-29650 entry concerns Online Food Ordering System v1.0 and a SQL injection in the /online-food-order/food-search.php search parameter. The vulnerability is introduced via the Search input, enabling SQL injection attacks that could affect confidentiality, integrity, and availability ac...

9.8CVSS9.8AI score0.01171EPSS
Web
CVE
CVE
added 2023/03/16 12:50 p.m.66 views

CVE-2023-1432

SourceCodester Online Food Ordering System 2.0 has a vulnerability in the POST Request Handler, specifically the file path /fos/admin/ajax.php?action=save_settings. The issue is an improper access control in this endpoint, which could allow a remote attacker to exploit it without authentication. ...

9.8CVSS8.5AI score0.00591EPSS
Web
CVE
CVE
added 2022/09/02 2:37 a.m.62 views

CVE-2022-36759

CVE-2022-36759 affects Online Food Ordering System v1.0 with a SQL injection in the /dishes.php?res_id= parameter. The NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, low complexity, and no privileges/UI required, impacting confidentiality, integrity, and avai...

9.8CVSS9.8AI score0.00927EPSS
CVE
CVE
added 2023/01/12 9:3 p.m.57 views

CVE-2023-0256

SourceCodester Online Food Ordering System 2.0 has a SQL injection vulnerability in the login API endpoint /fos/admin/ajax.php?action=login, caused by unsafely handling the Username parameter. This can be exploited remotely without user interaction. Affected component: Login Page, specifically th...

9.8CVSS8.3AI score0.00496EPSS
Web
CVE
CVE
added 2023/03/14 12:0 a.m.53 views

CVE-2023-27073

CVE-2023-27073 affects Online Food Ordering System version 1.0. The connected documents corroborate a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change user details and credentials via a crafted POST request. The issue stems from CSRF exposure in the application, w...

6.5CVSS6.4AI score0.00262EPSS
CVE
CVE
added 2023/01/12 9:9 p.m.52 views

CVE-2023-0257

CVE-2023-0257 affects SourceCodester Online Food Ordering System 2.0, specifically the Menu Form at /fos/admin/index.php?page=menu. The vulnerability stems from unrestricted file upload via the Image parameter, where input like can be used to upload and execute code remotely. Exploitation is rep...

9.8CVSS7.1AI score0.00542EPSS
Web
CVE
CVE
added 2025/03/17 5:31 p.m.52 views

CVE-2025-2387

SourceCodester Online Food Ordering System 2.0 contains a remote SQL injection in /admin/ajax.php?action=add_to_cart triggered by manipulating pid. The affected component is an unknown function, and the vulnerability is disclosed publicly, enabling exploitation without credentials. The CVE notes ...

9.8CVSS7.6AI score0.00487EPSS
Web
CVE
CVE
added 2023/01/12 9:20 p.m.51 views

CVE-2023-0258

The CVE-2023-0258 issue affects SourceCodester Online Food Ordering System v2.0, specifically the Category List Handler component. The root cause is improper handling of the Reason parameter, where input such as >" can trigger cross-site scripting. The PT-2023-16118 advisory confirms remote ex...

6.1CVSS4.7AI score0.00357EPSS
CVE
CVE
added 2023/01/17 7:29 a.m.51 views

CVE-2023-0332

CVE-2023-0332 affects SourceCodester Online Food Ordering System 2.0. An SQL injection vulnerability exists in an unknown function of admin/manage_user.php where manipulating the id parameter enables a remote attack. The NVD entry lists a Critical severity (CVSSv3.1 base score 9.8) with network a...

9.8CVSS8.9AI score0.00915EPSS
Web
CVE
CVE
added 2023/05/05 12:0 a.m.51 views

CVE-2023-30122

CVE-2023-30122 describes an arbitrary file upload vulnerability in the Online Food Ordering System v2.0, specifically in the component /admin/ajax.php?action=save_menu. The underlying issue allows an attacker to upload a crafted PHP file and execute arbitrary code on the server. The public-facing...

9.8CVSS9.5AI score0.00983EPSS
CVE
CVE
added 2023/01/20 12:0 a.m.50 views

CVE-2020-29297

CVE-2020-29297 : Multiple SQL injection vulnerabilities affect the tourist5 Online-food-ordering-system 1.0. Public data in the connected documents identify the flaw as unsafe SQL query construction leading to unauthorized data access and manipulation. The CVSSv3.1 base metrics are high (9.8, CRI...

9.8CVSS9.9AI score0.0082EPSS
CVE
CVE
added 2021/10/29 4:55 p.m.50 views

CVE-2021-41644

CVE-2021-41644 affects Sourcecodester Online Food Ordering System 2.0. The vulnerability allows remote code execution through a maliciously crafted PHP file that bypasses image upload filters, enabling an attacker to upload and execute code. NVD reports high to critical severity (CVSS v2 7.5; v3....

9.8CVSS9.5AI score0.02372EPSS
CVE
CVE
added 2024/01/05 7:0 p.m.50 views

CVE-2024-0247

CVE-2024-0247 affects CodeAstro Online Food Ordering System v1.0, specifically the Admin Panel’s unknown code in the /admin/ path. The vulnerability is a SQL injection triggered by manipulating the Username parameter in the Admin Panel, with remote exploitation and public disclosure of the exploi...

9.8CVSS9.7AI score0.00779EPSS
Web
CVE
CVE
added 2023/02/06 12:0 a.m.49 views

CVE-2023-24197

CVE-2023-24197 concerns Online Food Ordering System v2, where a SQL injection exists in the view_order.php endpoint via the id parameter. The root cause is insufficient validation of externally supplied SQL statements, allowing potentially unauthorized database access and data exposure as indicat...

6.1CVSS6.6AI score0.00461EPSS
CVE
CVE
added 2024/09/09 4:0 p.m.49 views

CVE-2024-8604

CVE-2024-8604 affects SourceCodester Online Food Ordering System 2.0, specifically the Create an Account Page index.php. The root cause is input handling on the First Name/Last Name fields, where manipulation can trigger cross-site scripting. Exploitation is described as remote and without need f...

6.9CVSS4.6AI score0.00546EPSS
Web
CVE
CVE
added 2023/02/13 12:0 a.m.47 views

CVE-2023-24646

CVE-2023-24646 affects Food Ordering System v2.0; the vulnerability is an arbitrary file upload via /fos/admin/ajax.php that can lead to arbitrary code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and high impact on confidentiality, integrity, and ...

9.8CVSS9.5AI score0.01071EPSS
CVE
CVE
added 2026/03/27 12:0 a.m.16 views

CVE-2026-30534

SourceCodester Online Food Ordering System v1.0 is affected by a SQL Injection in admin/manage_category.php via the id parameter. The CVE entry provides no vendor-specific remediation in the connected docs; CVSS v3.1 base score is 8.3 (HIGH) with network attack vector, low attack complexity, priv...

8.3CVSS6AI score0.00328EPSS
Web
CVE
CVE
added 2026/03/27 12:0 a.m.15 views

CVE-2026-30530

CVE-2026-30530 is a SQL Injection flaw in SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_customer) where the username input is not properly sanitized. The issue, confirmed by NVD and corroborated by Red Hat, ENISA EUVD, CNNVD, CNNVD mirrors, and other feeds, al...

9.8CVSS6AI score0.00476EPSS
CVE
CVE
added 2026/03/27 12:0 a.m.13 views

CVE-2026-30527

The CVE-2026-30527 issue affects SourceCodester Online Food Ordering System v1.0, specifically in the Category management module of the admin panel. The vulnerability is a Stored XSS arising from insufficient sanitization of the Category Name field when creating or updating categories. When an ad...

5.4CVSS5.9AI score0.00229EPSS
CVE
CVE
added 2026/03/27 12:0 a.m.13 views

CVE-2026-30533

CVE-2026-30533 targets SourceCodester Online Food Ordering System v1.0. The vulnerability is a SQL Injection in admin/manage_product.php via the id parameter. Reported metrics show CVSS v3.1 base score 9.8 (CRITICAL, NETWORK vector, no user interaction). Affected component: admin/manage_product.p...

9.8CVSS6AI score0.00394EPSS
Web
CVE
CVE
added 2026/03/27 12:0 a.m.12 views

CVE-2026-30529

CVE-2026-30529 affects SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_user action). The vulnerability arises from improper sanitization of the username parameter, enabling an authenticated attacker to inject malicious SQL commands. Connected sources confirm the...

8.8CVSS6AI score0.00446EPSS
CVE
CVE
added 2026/03/27 12:0 a.m.12 views

CVE-2026-30531

The CVE-2026-30531 entry affects SourceCodester Online Food Ordering System v1.0, specifically the Actions.php save_category action. The issue stems from improper sanitization of the name parameter, enabling SQL injection by an authenticated attacker. Impact described in the sources includes high...

8.8CVSS6AI score0.00445EPSS
CVE
CVE
added 2026/03/27 12:0 a.m.12 views

CVE-2026-30532

CVE-2026-30532 describes a SQL Injection vulnerability in SourceCodester Online Food Ordering System v1.0, exposed via the admin/view_product.php file when using the id parameter. The vulnerability is documented as affecting the admin view_Product flow, with the root cause being unsafe constructi...

9.8CVSS6AI score0.0033EPSS
Web