Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Online_food_ordering_system
(Projectworlds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-23 | CVE-2024-57328 | A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access. | Online_food_ordering_system | 9.8 | ||
| 2023-11-02 | CVE-2023-45323 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45325 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45334 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45336 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45340 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45341 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45342 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | 9.8 | ||
| 2023-11-02 | CVE-2023-45343 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A | ||
| 2023-11-02 | CVE-2023-45344 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | Online_food_ordering_system | N/A |