cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5423,https://securityvulnerability.io/vulnerability/CVE-2023-5423,SourceCodester Online Pizza Ordering System sql injection,"The SourceCodester Online Pizza Ordering System 1.0 contains a vulnerability in the /admin/ajax.php application file, specifically in the 'confirm_order' action. By manipulating the 'id' parameter, an attacker can execute SQL injection attacks, allowing for unauthorized access to the database and potential data compromise. This vulnerability can be exploited remotely, posing significant security risks to the integrity of the application's data.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.001550000044517219,false,,false,false,false,,,false,false,,2023-10-05T18:15:00.000Z,0
CVE-2023-2246,https://securityvulnerability.io/vulnerability/CVE-2023-2246,SourceCodester Online Pizza Ordering System unrestricted upload,A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.,Sourcecodester,Online Pizza Ordering System,6.3,MEDIUM,0.021229999139904976,false,,false,false,false,,,false,false,,2023-04-23T16:15:00.000Z,0
CVE-2023-1460,https://securityvulnerability.io/vulnerability/CVE-2023-1460,SourceCodester Online Pizza Ordering System Password Change improper authentication,"A security flaw has been identified in SourceCodester's Online Pizza Ordering System 1.0, located within the password change handler component. This vulnerability arises from improper authentication processes in the admin/ajax.php file, specifically with the action save_user. The nature of the flaw allows potential attackers to exploit this vulnerability remotely, which could compromise user accounts and sensitive data. Adequate measures should be taken to mitigate this risk and ensure robust authentication protocols are in place.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.006149999797344208,false,,false,false,false,,,false,false,,2023-03-17T08:15:00.000Z,0
CVE-2023-1455,https://securityvulnerability.io/vulnerability/CVE-2023-1455,SourceCodester Online Pizza Ordering System Login Page sql injection,"A SQL injection vulnerability exists in the login page of the Online Pizza Ordering System by SourceCodester. This flaw arises from improper handling of user-supplied input in the 'email' argument of the action request. An attacker could exploit this vulnerability to execute arbitrary SQL commands against the database. Such an exploit may allow unauthorized access to sensitive information. Given the complexity and specific conditions required for a successful attack, it is essential for users and administrators to apply appropriate security measures to safeguard their applications.",SourceCodester,Online Pizza Ordering System,8.1,HIGH,0.0029299999587237835,false,,false,false,false,,,false,false,,2023-03-17T07:15:00.000Z,0
CVE-2023-1392,https://securityvulnerability.io/vulnerability/CVE-2023-1392,SourceCodester Online Pizza Ordering System save_menu unrestricted upload,"A vulnerability in the SourceCodester Online Pizza Ordering System version 1.0 allows for unrestricted file uploads via the save_menu function. This flaw could permit remote attackers to upload malicious files, potentially leading to remote code execution (RCE). The vulnerability has been publicly disclosed, increasing the risk of exploitation, and necessitating prompt action from affected users and administrators.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.0032099999953061342,false,,false,false,false,,,false,false,,2023-03-14T15:15:00.000Z,0
CVE-2023-1365,https://securityvulnerability.io/vulnerability/CVE-2023-1365,SourceCodester Online Pizza Ordering System ajax.php sql injection,"A SQL injection vulnerability exists in the Online Pizza Ordering System 1.0, specifically within the file /admin/ajax.php. The flaw allows attackers to manipulate the 'username' argument, potentially leading to unauthorized access to the database. The issue can be exploited remotely, making it a significant security concern. The exploit has been publicly disclosed, heightening the risk for users of the affected system.",SourceCodester,Online Pizza Ordering System,7.5,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2023-03-13T08:15:00.000Z,0
CVE-2023-1364,https://securityvulnerability.io/vulnerability/CVE-2023-1364,SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection,"An SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System version 1.0 that affects the file category.php within the GET Parameter Handler component. By manipulating the 'id' parameter, an attacker can execute unauthorized SQL commands, which allows for remote exploitation. The security risk associated with this vulnerability has been made public, and it emphasizes the importance of secure coding practices to prevent such attacks.",SourceCodester,Online Pizza Ordering System,7.5,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2023-03-13T08:15:00.000Z,0
CVE-2023-0988,https://securityvulnerability.io/vulnerability/CVE-2023-0988,SourceCodester Online Pizza Ordering System cross-site request forgery,"A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.",Sourcecodester,Online Pizza Ordering System,4.3,MEDIUM,0.007540000136941671,false,,false,false,false,,,false,false,,2023-02-23T16:15:00.000Z,0
CVE-2023-0987,https://securityvulnerability.io/vulnerability/CVE-2023-0987,SourceCodester Online Pizza Ordering System cross site scripting,A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.,SourceCodester,Online Pizza Ordering System,5.4,MEDIUM,0.0015399999683722854,false,,false,false,false,,,false,false,,2023-02-23T16:15:00.000Z,0
CVE-2023-0910,https://securityvulnerability.io/vulnerability/CVE-2023-0910,SourceCodester Online Pizza Ordering System GET Parameter view_prod.php sql injection,"A vulnerability exists in the SourceCodester Online Pizza Ordering System 1.0, specifically within the view_prod.php file in the GET Parameter Handler component. By manipulating the argument ID, an attacker can exploit this weakness to inject malicious SQL queries. This can lead to unauthorized access to the database, potentially compromising sensitive user data. The vulnerability can be triggered remotely, highlighting the need for immediate security measures to protect against such attacks.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-02-18T09:15:00.000Z,0
CVE-2023-0906,https://securityvulnerability.io/vulnerability/CVE-2023-0906,SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication,"A missing authentication vulnerability exists in the SourceCodester Online Pizza Ordering System version 1.0, specifically in the 'delete_category' function of the ajax.php file. This flaw allows unauthenticated users to invoke the function, potentially leading to unauthorized deletion of categories. Attackers can exploit this issue remotely, making it imperative for users and administrators of the system to take immediate action to secure their applications.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.0022499999031424522,false,,false,false,false,,,false,false,,2023-02-18T08:15:00.000Z,0
CVE-2023-0883,https://securityvulnerability.io/vulnerability/CVE-2023-0883,SourceCodester Online Pizza Ordering System index.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System version 1.0, specifically in the /php-opos/index.php file. Attackers can manipulate the ID argument to execute arbitrary SQL commands, potentially allowing unauthorized access to sensitive data. This vulnerability can be exploited remotely, making it easily accessible for malicious actors. Its public disclosure raises concerns over the security of the application, prompting users to assess their systems immediately.",SourceCodester,Online Pizza Ordering System,9.8,CRITICAL,0.0017300000181421638,false,,false,false,false,,,false,false,,2023-02-17T09:15:00.000Z,0