Online Food Ordering System
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2136 | | High | 0.47 | 7.3 | 0.00 | | Feb 8, 2026 | A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been… |
| CVE-2025-11604 | | High | 0.47 | 7.3 | 0.00 | | Oct 11, 2025 | A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has… |
| CVE-2026-5811 | | Medium | 0.35 | 5.4 | 0.00 | | Apr 8, 2026 | A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The… |
| CVE-2026-30527 | | Medium | 0.35 | 5.4 | 0.00 | | Mar 27, 2026 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or… |
| CVE-2026-30531 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker… |
| CVE-2026-30532 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. |
| CVE-2026-30529 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker… |
| CVE-2026-30533 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. |
| CVE-2026-30534 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. |
| CVE-2026-30530 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject… |
| CVE-2025-4936 | | | 0.00 | — | 0.00 | | May 19, 2025 | A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack… |
| CVE-2023-45347 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45346 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45338 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45341 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45340 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45336 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45334 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45323 | | | 0.00 | — | 0.01 | | Nov 2, 2023 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-1432 | | | 0.00 | — | 0.01 | | Mar 16, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to… |
Page 1 of 2