VYPR

Restaurant Management System

by Sourcecodester

CVEs (4)

  • CVE-2019-18417HigOct 24, 2019
    risk 0.57cvss 8.8epss 0.02

    Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.

  • CVE-2019-18414HigOct 24, 2019
    risk 0.57cvss 8.8epss 0.00

    Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a…

  • CVE-2019-18416MedOct 24, 2019
    risk 0.40cvss 6.1epss 0.01

    Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.

  • CVE-2019-18415MedOct 24, 2019
    risk 0.40cvss 6.1epss 0.01

    Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.