CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1455 – SourceCodester Online Pizza Ordering System Login Page sql injection
https://notcve.org/view.php?id=CVE-2023-1455
A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.223300 https://vuldb.com/?id.223300 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1392 – SourceCodester Online Pizza Ordering System save_menu unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1392
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fchen-xcu/Vulnerability-Set/blob/main/The%20online%20pizza%20ordering%20system%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf https://vuldb.com/?ctiid.222979 https://vuldb.com/?id.222979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1365 – SourceCodester Online Pizza Ordering System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2023-1365
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza%20Ordering%20System/Online%20Pizza%20Ordering%20System%20sql%20vlun(3).pdf https://vuldb.com/?ctiid.222872 https://vuldb.com/?id.222872 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1364 – SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection
https://notcve.org/view.php?id=CVE-2023-1364
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza%20Ordering%20System/Online%20Pizza%20Ordering%20System%20sql%20vlun(1).pdf https://vuldb.com/?ctiid.222871 https://vuldb.com/?id.222871 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27210
https://notcve.org/view.php?id=CVE-2023-27210
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/sql%20in%20view_order.php.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •