CVE-2023-0987 – SourceCodester Online Pizza Ordering System cross site scripting
https://notcve.org/view.php?id=CVE-2023-0987
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross-site scripting. The attack can be initiated remotely.
References: https://github.com/1MurasaKi/PizzeXSS_Report/blob/main/Online%20Pizza%20Ordering%20System/README.md https://vuldb.com/?ctiid.221680 https://vuldb.com/?id.221680
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0910 – SourceCodester Online Pizza Ordering System GET Parameter view_prod.php sql injection
https://notcve.org/view.php?id=CVE-2023-0910
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-221476.
References: https://vuldb.com/?ctiid.221476 https://vuldb.com/?id.221476
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0906 – SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication
https://notcve.org/view.php?id=CVE-2023-0906
A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.
References: https://vuldb.com/?ctiid.221455 https://vuldb.com/?id.221455
CWE-306: Missing Authentication for Critical Function
CVE-2023-0883 – SourceCodester Online Pizza Ordering System index.php sql injection
https://notcve.org/view.php?id=CVE-2023-0883
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References: https://github.com/awans2023/CVE https://vuldb.com/?ctiid.221350 https://vuldb.com/?id.221350
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')