CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2387 – SourceCodester Online Food Ordering System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2025-2387
17 Mar 2025 — A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. • https://github.com/aionman/cve/issues/9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8604 – SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8604
09 Sep 2024 — A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. Es wurde eine Schwachstelle in SourceCodester Online Food Ordering System 2.0 entdeckt. • https://vuldb.com/?id.276831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •