cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8604,https://securityvulnerability.io/vulnerability/CVE-2024-8604,Cross Site Scripting Vulnerability Discovered in SourceCodester's Online Food Ordering System,"A cross site scripting vulnerability exists in the SourceCodester Online Food Ordering System, specifically within the Create an Account Page accessed through index.php. This issue arises due to inadequate validation of user inputs, particularly the 'First Name' and 'Last Name' fields. Malicious actors can exploit this vulnerability remotely, allowing for scripting attacks that may compromise user sessions and execute unauthorized commands in the context of other users. Ensuring proper input sanitization practices is crucial to mitigate this risk and enhance overall application security.",Sourcecodester,Online Food Ordering System,6.1,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2024-09-09T16:00:04.833Z,0
CVE-2023-1432,https://securityvulnerability.io/vulnerability/CVE-2023-1432,SourceCodester Online Food Ordering System POST Request access control,"An improper access control vulnerability exists in the Online Food Ordering System by SourceCodester, specifically within the /fos/admin/ajax.php component. This flaw allows potential attackers to manipulate settings without proper authorization. The issue arises in a functionality related to POST requests, enabling remote exploitation of the system. Users of version 2.0 should take immediate action to secure their installations and mitigate potential risks associated with this vulnerability.",SourceCodester,Online Food Ordering System,9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-03-16T13:15:00.000Z,0
CVE-2023-0332,https://securityvulnerability.io/vulnerability/CVE-2023-0332,SourceCodester Online Food Ordering System manage_user.php sql injection,"An SQL injection vulnerability exists in the management functionality of SourceCodester's online food ordering system. The flaw resides in 'admin/manage_user.php', allowing attackers to manipulate the 'id' parameter and execute unauthorized SQL commands. This type of exploit can be executed remotely, posing a significant security risk to organizations utilizing this software. The vulnerability has been made public, increasing the likelihood of potential attacks.",SourceCodester,Online Food Ordering System,9.8,CRITICAL,0.009479999542236328,false,,false,false,false,,,false,false,,2023-01-17T08:15:00.000Z,0
CVE-2023-0304,https://securityvulnerability.io/vulnerability/CVE-2023-0304,SourceCodester Online Food Ordering System Signup Module admin_class.php sql injection,"A significant SQL injection vulnerability exists within the Signup Module of the admin_class.php file in the SourceCodester Online Food Ordering System. By manipulating the 'email' parameter, an attacker can execute arbitrary SQL queries, potentially compromising the database. The vulnerability allows for remote exploitation and has been publicly disclosed, underlining the urgency of implementing security measures. Users are advised to update their systems to prevent unauthorized access and data breaches.",SourceCodester,Online Food Ordering System,7.5,HIGH,0.0020600000862032175,false,,false,false,false,,,false,false,,2023-01-15T12:15:00.000Z,0
CVE-2023-0305,https://securityvulnerability.io/vulnerability/CVE-2023-0305,SourceCodester Online Food Ordering System Login Module admin_class.php sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Online Food Ordering System, specifically affecting the Login Module's admin_class.php file. This vulnerability allows attackers to manipulate the 'username' parameter, enabling unauthorized remote access and potential compromise of database information. Given that the exploit details have been made public, immediate action is required to secure affected installations and prevent exploitation.",SourceCodester,Online Food Ordering System,7.5,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2023-01-15T12:15:00.000Z,0
CVE-2023-0303,https://securityvulnerability.io/vulnerability/CVE-2023-0303,SourceCodester Online Food Ordering System view_prod.php sql injection,"An SQL injection vulnerability has been identified in the Online Food Ordering System by SourceCodester, specifically within the view_prod.php file. This issue arises from inadequate validation of input in the 'id' parameter, allowing attackers to manipulate SQL queries remotely. Such vulnerabilities can enable unauthorized access to sensitive data and lead to further exploitation of the system. It's essential for users of affected versions to implement security measures and apply updates promptly to mitigate potential risks.",SourceCodester,Online Food Ordering System,7.5,HIGH,0.0020600000862032175,false,,false,false,false,,,false,false,,2023-01-15T12:15:00.000Z,0
CVE-2023-0258,https://securityvulnerability.io/vulnerability/CVE-2023-0258,SourceCodester Online Food Ordering System Category List cross site scripting,"A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input ""> leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability.",SourceCodester,Online Food Ordering System,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-01-12T22:15:00.000Z,0
CVE-2023-0257,https://securityvulnerability.io/vulnerability/CVE-2023-0257,SourceCodester Online Food Ordering System Menu Form unrestricted upload,"An unrestricted file upload vulnerability exists in the SourceCodester Online Food Ordering System 2.0. This issue arises from the compromised functionality of the Menu Form located at /fos/admin/index.php?page=menu. An attacker can exploit this vulnerability by manipulating the Image parameter, enabling the execution of arbitrary PHP code through a crafted input. This flaw allows for remote exploitation, potentially leading to unauthorized access and further attacks on the host system.",SourceCodester,Online Food Ordering System,9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-01-12T22:15:00.000Z,0
CVE-2023-0256,https://securityvulnerability.io/vulnerability/CVE-2023-0256,SourceCodester Online Food Ordering System Login Page sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Online Food Ordering System version 2.0. An unknown function located in the /fos/admin/ajax.php file can be exploited through the login component by manipulating the Username parameter. This vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to the database. The attack can be executed remotely, exposing sensitive data and compromising the overall integrity of the system.",SourceCodester,Online Food Ordering System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-01-12T22:15:00.000Z,0