Page 4 of 19 results (0.049 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://github.com/1MurasaKi/PizzeXSS_Report/blob/main/Online%20Pizza%20Ordering%20System/README.md https://vuldb.com/?ctiid.221680 https://vuldb.com/?id.221680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-221476. • https://vuldb.com/?ctiid.221476 https://vuldb.com/?id.221476 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. • https://vuldb.com/?ctiid.221455 https://vuldb.com/?id.221455 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/awans2023/CVE https://vuldb.com/?ctiid.221350 https://vuldb.com/?id.221350 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •