CVE-2023-24646
https://notcve.org/view.php?id=CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-24191
https://notcve.org/view.php?id=CVE-2023-24191
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20signup.php.md https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-24194
https://notcve.org/view.php?id=CVE-2023-24194
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20navbar.php.md https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-24192
https://notcve.org/view.php?id=CVE-2023-24192
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20login.php.md https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-24197
https://notcve.org/view.php?id=CVE-2023-24197
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/sql%20in%20view_order.php.md https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •