CVE-2023-1392 – SourceCodester Online Pizza Ordering System save_menu unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1392
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fchen-xcu/Vulnerability-Set/blob/main/The%20online%20pizza%20ordering%20system%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf https://vuldb.com/?ctiid.222979 https://vuldb.com/?id.222979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-1365 – SourceCodester Online Pizza Ordering System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2023-1365
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza%20Ordering%20System/Online%20Pizza%20Ordering%20System%20sql%20vlun(3).pdf https://vuldb.com/?ctiid.222872 https://vuldb.com/?id.222872 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1364 – SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection
https://notcve.org/view.php?id=CVE-2023-1364
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza%20Ordering%20System/Online%20Pizza%20Ordering%20System%20sql%20vlun(1).pdf https://vuldb.com/?ctiid.222871 https://vuldb.com/?id.222871 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-27210
https://notcve.org/view.php?id=CVE-2023-27210
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/sql%20in%20view_order.php.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-27208
https://notcve.org/view.php?id=CVE-2023-27208
A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20login.php.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •