3 matches found
CVE-2022-30015
In CVE-2022-30015, a stored XSS exists in Simple Food Website 1.0. The vulnerability arises when a moderator submits payloads in any input field on http://127.0.0.1:1234/food/admin/all_users.php (e.g., Full Username), leading to stored cross-site scripting. Affected software/component: Simple Foo...
CVE-2022-30014
CVE-2022-30014 affects Lumidek Associates Simple Food Website 1.0. The vulnerability is a Cross-Site Request Forgery (CSRF) that can allow an attacker to take over the administrator/moderator account because the web application does not adequately validate requests from a trusted user. Root cause...
CVE-2021-34166
CVE-2021-34166 concerns Sourcecodester Simple Food Website 1.0, where a SQL injection vulnerability in the application enables a remote attacker to bypass authentication and gain admin privileges. The NVD entry documents a high/critical impact profile (CVSS v3.1: 9.8, sequence NETWORK/LOW complex...