
CVE-2025-2387 – SourceCodester Online Food Ordering System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2025-2387
17 Mar 2025 — A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to SQL injection. • https://github.com/aionman/cve/issues/9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-8604 – SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8604
09 Sep 2024 — A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. A vulnerability was discovered in SourceCodester Online Food Ordering System 2.0. • https://vuldb.com/?id.276831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-30122
https://notcve.org/view.php?id=CVE-2023-30122
05 May 2023 — An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/online-food-ordering-system-v2/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-1432 – SourceCodester Online Food Ordering System POST Request access control
https://notcve.org/view.php?id=CVE-2023-1432
16 Mar 2023 — A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. • https://vuldb.com/?ctiid.223214 • CWE-284: Improper Access Control •

CVE-2023-24646
https://notcve.org/view.php?id=CVE-2023-24646
13 Feb 2023 — An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-24647
https://notcve.org/view.php?id=CVE-2023-24647
13 Feb 2023 — Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Food-Ordering-System-v2.0/SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-24191
https://notcve.org/view.php?id=CVE-2023-24191
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20signup.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-24192
https://notcve.org/view.php?id=CVE-2023-24192
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20login.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-24194
https://notcve.org/view.php?id=CVE-2023-24194
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20navbar.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-24195
https://notcve.org/view.php?id=CVE-2023-24195
06 Feb 2023 — Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. • https://github.com/xiumulty/CVE/blob/main/Online%20Food%20Ordering%20System%20v2/xss%20in%20index.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •