CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13070 – CodeAstro Online Food Ordering System Update User Page update_users.php sql injection
https://notcve.org/view.php?id=CVE-2024-13070
31 Dec 2024 — A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd leads to sql injection. The attack can be launched remotely. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13067 – CodeAstro Online Food Ordering System All Users Page all_users.php access control
https://notcve.org/view.php?id=CVE-2024-13067
31 Dec 2024 — A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7838 – itsourcecode Online Food Ordering System addcategory.php sql injection
https://notcve.org/view.php?id=CVE-2024-7838
15 Aug 2024 — A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. • https://github.com/ppp-src/a/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7189 – itsourcecode Online Food Ordering System editproduct.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7189
29 Jul 2024 — A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_a.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6373 – itsourcecode Online Food Ordering System addproduct.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-6373
27 Jun 2024 — A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Abyssun/abyssun-/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6253 – itsourcecode Online Food Ordering System purchase.php sql injection
https://notcve.org/view.php?id=CVE-2024-6253
22 Jun 2024 — A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Desenchanted/cve/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0423 – CodeAstro Online Food Ordering System dishes.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0423
11 Jan 2024 — A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. • https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0247 – CodeAstro Online Food Ordering System Admin Panel sql injection
https://notcve.org/view.php?id=CVE-2024-0247
05 Jan 2024 — A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45343 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45343
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'ticket_id' del recurso routers/ticket-message.php no valida los caracteres recibidos y se envían sin filtrar a la base de dato... • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45341 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45341
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro '*_price' del recurso routers/menu-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •