cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8711,https://securityvulnerability.io/vulnerability/CVE-2024-8711,Vulnerability in SourceCodester Food Ordering System Could Lead to Information Exposure,"A vulnerability has been identified in the SourceCodester Food Ordering Management System version 1.0. This security issue is associated with an unknown functionality within the /includes/ directory. The flaw allows for unauthorized access to sensitive information through directory listing, which can be remotely exploited by attackers. This vulnerability poses significant risks as publicly disclosed exploits may facilitate potential attacks, leading to unintended data exposure.",Sourcecodester,Food Ordering Management System,7.5,HIGH,0.0017399999778717756,false,false,false,true,true,false,false,2024-09-12T03:31:04.967Z,0
CVE-2024-8582,https://securityvulnerability.io/vulnerability/CVE-2024-8582,Cross-Site Scripting Vulnerability in Food Ordering Management System,"A significant vulnerability exists in the SourceCodester Food Ordering Management System 1.0 that allows for cross-site scripting (XSS) attacks. Specifically, the issue is associated with the manipulation of the 'description' argument in the /index.php file. Attackers can exploit this flaw remotely, potentially leading to unauthorized actions or data exposure. Given that the exploit has been publicly disclosed, it poses a tangible threat to users and administrators of the affected system. Mitigation measures should be implemented to safeguard against this form of attack.",Sourcecodester,Food Ordering Management System,6.1,MEDIUM,0.0010400000028312206,false,false,false,true,true,false,false,2024-09-08T22:00:04.884Z,0
CVE-2024-8558,https://securityvulnerability.io/vulnerability/CVE-2024-8558,Food Ordering Management System Vulnerable to Remote Attack,"A problematic vulnerability has been identified in the SourceCodester Food Ordering Management System version 1.0, specifically within the Price Handler component located in the file /foms/routers/place-order.php. The vulnerability arises from improper validation of the specified quantity in the input field, which can lead to manipulation of the total argument. This loophole enables attackers to initiate remote exploits, posing a significant risk to the integrity and security of financial transactions within the system. The issue has been publicly disclosed, highlighting its potential for abuse if left unaddressed. Administrators are urged to implement corrective measures promptly.",Sourcecodester,Food Ordering Management System,4.3,MEDIUM,0.001230000052601099,false,false,false,true,true,false,false,2024-09-07T15:31:04.463Z,0
CVE-2024-8557,https://securityvulnerability.io/vulnerability/CVE-2024-8557,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Food Ordering Management System version 1.0, specifically within the cancel-order.php file. This vulnerability arises due to improper handling of the 'id' argument, which allows attackers to manipulate requests to execute arbitrary SQL commands. The nature of this vulnerability enables remote exploitation, making it a significant risk for users. Attackers can compromise the database, potentially leading to unauthorized access to sensitive data and further exploitation of the system. It is crucial for users to apply security updates and review access logs to mitigate the risks associated with this vulnerability.",Sourcecodester,Food Ordering Management System,7.5,HIGH,0.0016499999910593033,false,false,false,true,true,false,false,2024-09-07T15:00:05.934Z,0
CVE-2024-8416,https://securityvulnerability.io/vulnerability/CVE-2024-8416,SourceCodester Food Ordering Management System ticket-status.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Food Ordering Management System 1.0, specifically within the file /routers/ticket-status.php. This flaw allows attackers to manipulate the ticket_id argument, enabling remote execution of SQL queries. The exploit has been publicly disclosed, posing a risk to users of the affected version and necessitating immediate remediation.",Sourcecodester,Food Ordering Management System,9.8,CRITICAL,0.0010900000343099236,false,false,false,true,true,false,false,2024-09-04T18:15:00.000Z,0
CVE-2024-6217,https://securityvulnerability.io/vulnerability/CVE-2024-6217,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A critical security vulnerability has been identified in the SourceCodester Food Ordering Management System version 1.0, specifically within the user-router.php file. The vulnerability stems from insufficient validation of user input in the 1_verified argument, allowing for SQL injection attacks. This weakness enables attackers to manipulate database queries, potentially leading to unauthorized access to sensitive data and system control. The exploit can be executed remotely, making it a significant threat to any system utilizing this application. Organizations using the affected version of the software are encouraged to apply immediate mitigations and monitor their systems for suspicious activities.",Sourcecodester,Food Ordering Management System,8.8,HIGH,0.0008699999889358878,false,false,false,true,true,false,false,2024-06-21T02:00:04.826Z,0
CVE-2024-6216,https://securityvulnerability.io/vulnerability/CVE-2024-6216,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A severe SQL injection vulnerability has been identified in the SourceCodester Food Ordering Management System version 1.0, specifically in the add-users.php file. This vulnerability allows attackers to manipulate the 'contact' parameter, enabling unauthorized remote access and exploitation of the system's database. The flaw poses significant risks as it permits attackers to execute arbitrary SQL code, potentially compromising sensitive user information. Affected users should take immediate steps to secure their systems against this exploit, as public disclosure has already made it susceptible to attacks. Users can refer to various resources for more detailed technical information and recommended mitigation strategies.",Sourcecodester,Food Ordering Management System,8.8,HIGH,0.0008699999889358878,false,false,false,true,true,false,false,2024-06-21T01:31:03.622Z,0
CVE-2024-6215,https://securityvulnerability.io/vulnerability/CVE-2024-6215,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A severe SQL injection vulnerability has been discovered in the SourceCodester Food Ordering Management System up to version 1.0, specifically in the processing of the 'view-ticket-admin.php' file. This vulnerability enables attackers to manipulate the 'id' parameter, allowing them to execute arbitrary SQL queries on the underlying database. Since this exploit can be initiated remotely, it poses a significant risk to the integrity of the application. With the details disclosed publicly, it is imperative for users and administrators of this system to apply necessary patches and implement security measures to mitigate potential unauthorized access and data breaches.",Sourcecodester,Food Ordering Management System,8.8,HIGH,0.0008699999889358878,false,false,false,true,true,false,false,2024-06-21T01:00:04.802Z,0
CVE-2024-6214,https://securityvulnerability.io/vulnerability/CVE-2024-6214,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A critical SQL injection vulnerability exists in the SourceCodester Food Ordering Management System version 1.0, located in the add-item.php file. The flaw allows an attacker to manipulate the 'price' parameter, which can lead to unauthorized access to the database. This vulnerability is particularly dangerous because it can be exploited remotely, allowing attackers to execute arbitrary SQL queries. With the exploit publicly disclosed, users of the affected version are urged to take immediate action to mitigate the risk. Security professionals should be vigilant in monitoring for any signs of exploitation linked to this vulnerability.",Sourcecodester,Food Ordering Management System,8.8,HIGH,0.0008699999889358878,false,false,false,true,true,false,false,2024-06-21T00:31:06.114Z,0
CVE-2024-6213,https://securityvulnerability.io/vulnerability/CVE-2024-6213,SQL Injection Vulnerability in SourceCodester Food Ordering Management System,"A significant SQL injection vulnerability has been identified in the login functionality of the SourceCodester Food Ordering Management System version 1.0. This flaw is located in the 'login.php' file, where improper handling of the username parameter allows remote attackers to manipulate input data. Successful exploitation of this vulnerability may permit unauthorized access to the application database, potentially leading to data breaches or unauthorized actions within the system. Users are advised to implement security patches immediately and review access controls to mitigate the impact of this vulnerability. For additional details and guidance on remediation, refer to the publicly available resources.",Sourcecodester,Food Ordering Management System,9.8,CRITICAL,0.0006900000153109431,false,false,false,true,true,false,false,2024-06-21T00:31:04.474Z,0
CVE-2023-2594,https://securityvulnerability.io/vulnerability/CVE-2023-2594,SourceCodester Food Ordering Management System Registration sql injection,"The SourceCodester Food Ordering Management System version 1.0 suffers from a SQL injection vulnerability in the registration component's username argument. This flaw allows remote attackers to manipulate queries, potentially leading to unauthorized access and compromise of the database. Proper input validation and sanitization are essential to mitigate this issue.",SourceCodester,Food Ordering Management System,9.8,CRITICAL,0.004220000002533197,false,false,false,true,true,false,false,2023-05-09T13:15:00.000Z,0
CVE-2022-3332,https://securityvulnerability.io/vulnerability/CVE-2022-3332,SourceCodester Food Ordering Management System POST Parameter router.php sql injection,A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.,Sourcecodester,Food Ordering Management System,6.3,MEDIUM,0.0026499999221414328,false,false,false,false,,false,false,2022-09-28T04:35:11.000Z,0