CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4936 – projectworlds Online Food Ordering System admin-page.php sql injection
https://notcve.org/view.php?id=CVE-2025-4936
19 May 2025 — A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. • https://github.com/sknadklasdls/CVE/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45343 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45343
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'ticket_id' del recurso routers/ticket-message.php no valida los caracteres recibidos y se envían sin filtrar a la base de dato... • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45341 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45341
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro '*_price' del recurso routers/menu-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45344 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45344
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro '*_balance' del recurso routers/user-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45342 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45342
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'phone' del recurso routers/register-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45340 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45340
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'phone' del recurso routers/details-router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45336 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45336
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'password' del recurso routers/router.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45334 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45334
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'status' del recurso routers/edit-orders.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45325 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45325
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'address' del recurso routers/add-users.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45323 – Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-45323
02 Nov 2023 — Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. Online Food Ordering System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'name' del recurso routers/add-item.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Online Food Orderin... • https://fluidattacks.com/advisories/hann • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •