Restaurant Management System
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18417 | Hig | 0.57 | 8.8 | 0.02 | Oct 24, 2019 | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | ||
| CVE-2019-18414 | Hig | 0.57 | 8.8 | 0.00 | Oct 24, 2019 | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a… | ||
| CVE-2019-18416 | Med | 0.40 | 6.1 | 0.01 | Oct 24, 2019 | Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | ||
| CVE-2019-18415 | Med | 0.40 | 6.1 | 0.01 | Oct 24, 2019 | Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. |
- risk 0.57cvss 8.8epss 0.02
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
- risk 0.57cvss 8.8epss 0.00
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a…
- risk 0.40cvss 6.1epss 0.01
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.
- risk 0.40cvss 6.1epss 0.01
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.