CVE-2023-27208
https://notcve.org/view.php?id=CVE-2023-27208
A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20login.php.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27211
https://notcve.org/view.php?id=CVE-2023-27211
A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20navbar.php%20.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27207
https://notcve.org/view.php?id=CVE-2023-27207
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/sql%20in%20manage_user.php%20.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-27212
https://notcve.org/view.php?id=CVE-2023-27212
A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. • https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20signup.php.md https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0988 – SourceCodester Online Pizza Ordering System cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-0988
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. • https://github.com/1MurasaKi/PizzaCSRF_report/tree/main/vender/Online%20Pizza%20Ordering%20System https://vuldb.com/?ctiid.221681 https://vuldb.com/?id.221681 • CWE-352: Cross-Site Request Forgery (CSRF) •