Online Food Ordering System

by Projectworlds

CVEs (31)

  • CVE-2026-2136 | High | Feb 8, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Manipulating the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been…

  • CVE-2025-11604 | High | Oct 11, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. Manipulating the argument Status causes SQL injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-5811 | Medium | Apr 8, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Manipulation of the argument price leads to business logic errors. The…

  • CVE-2026-30527 | Medium | Mar 27, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or…

  • CVE-2026-30531 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker…

  • CVE-2026-30532 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.

  • CVE-2026-30529 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker…

  • CVE-2026-30533 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter.

  • CVE-2026-30534 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.

  • CVE-2026-30530 | Mar 27, 2026
    risk 0.00 | cvss - | epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject…

  • CVE-2025-4936 | May 19, 2025
    risk 0.00 | cvss - | epss 0.00

    A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to SQL injection. It is possible to launch the attack…

  • CVE-2023-45347 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45346 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45338 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45341 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45340 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45336 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45334 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45323 | Nov 2, 2023
    risk 0.00 | cvss - | epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-1432 | Mar 16, 2023
    risk 0.00 | cvss - | epss 0.01

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to…

Page 1 of 2