CVE-2024-8604 – SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8604
A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. Es wurde eine Schwachstelle in SourceCodester Online Food Ordering System 2.0 entdeckt. • https://vuldb.com/?id.276831 https://vuldb.com/?ctiid.276831 https://vuldb.com/?submit.404660 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-30122
https://notcve.org/view.php?id=CVE-2023-30122
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/online-food-ordering-system-v2/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-1432 – SourceCodester Online Food Ordering System POST Request access control
https://notcve.org/view.php?id=CVE-2023-1432
A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. • https://vuldb.com/?ctiid.223214 https://vuldb.com/?id.223214 • CWE-284: Improper Access Control •
CVE-2023-24647
https://notcve.org/view.php?id=CVE-2023-24647
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0/SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-24646
https://notcve.org/view.php?id=CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •