CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45344 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45344
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro '*_balance' del recurso routers/user-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45342 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45342
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'phone' del recurso routers/register-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45340 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45340
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'phone' del recurso routers/details-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45336 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45336
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'password' del recurso routers/router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45334 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45334
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'status' del recurso routers/edit-orders.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45325 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45325
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'address' del recurso routers/add-users.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45323 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45323
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'name' del recurso routers/add-item.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Online Food Orderin... • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27073
https://notcve.org/view.php?id=CVE-2023-27073
14 Mar 2023 — A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. • https://github.com/bhaveshkush007/CVEs/blob/main/CVE-2023-27073.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2020-29297
https://notcve.org/view.php?id=CVE-2020-29297
20 Jan 2023 — Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. • https://gist.github.com/kdrypr/999a245abb4511d43e41df1ccdbcf0cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36759
https://notcve.org/view.php?id=CVE-2022-36759
02 Sep 2022 — Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. Se ha detectado que Online Food Ordering System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del componente /dishes.php?res_id= • https://hackmd.io/%40hieuleuxuan/OFOS_Sql_Injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •