CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0247 – CodeAstro Online Food Ordering System Admin Panel sql injection
https://notcve.org/view.php?id=CVE-2024-0247
05 Jan 2024 — A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30122
https://notcve.org/view.php?id=CVE-2023-30122
05 May 2023 — An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/online-food-ordering-system-v2/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1432 – SourceCodester Online Food Ordering System POST Request access control
https://notcve.org/view.php?id=CVE-2023-1432
16 Mar 2023 — A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. • https://vuldb.com/?ctiid.223214 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27073
https://notcve.org/view.php?id=CVE-2023-27073
14 Mar 2023 — A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. • https://github.com/bhaveshkush007/CVEs/blob/main/CVE-2023-27073.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24646
https://notcve.org/view.php?id=CVE-2023-24646
13 Feb 2023 — An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24647
https://notcve.org/view.php?id=CVE-2023-24647
13 Feb 2023 — Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0/SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24191
https://notcve.org/view.php?id=CVE-2023-24191
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20signup.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24192
https://notcve.org/view.php?id=CVE-2023-24192
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20login.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24194
https://notcve.org/view.php?id=CVE-2023-24194
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20navbar.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24195
https://notcve.org/view.php?id=CVE-2023-24195
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20index.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •