Food Ordering System
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12298 | Med | 0.28 | 4.3 | 0.00 | Oct 27, 2025 | A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is… | ||
| CVE-2025-10837 | Low | 0.23 | 3.5 | 0.00 | Sep 23, 2025 | A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be… | ||
| CVE-2026-4899 | Low | 0.16 | 2.4 | 0.00 | Mar 26, 2026 | A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack… | ||
| CVE-2026-26710 | 0.00 | — | 0.00 | Mar 2, 2026 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | |||
| CVE-2026-26713 | 0.00 | — | 0.00 | Mar 2, 2026 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | |||
| CVE-2026-26711 | 0.00 | — | 0.00 | Mar 2, 2026 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | |||
| CVE-2026-26712 | 0.00 | — | 0.00 | Mar 2, 2026 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | |||
| CVE-2025-56276 | 0.00 | — | 0.00 | Sep 16, 2025 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the… | |||
| CVE-2025-56280 | 0.00 | — | 0.00 | Sep 16, 2025 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. | |||
| CVE-2023-36968 | 0.00 | — | 0.01 | Jul 6, 2023 | A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. | |||
| CVE-2022-32318 | 0.00 | — | 0.00 | Jul 14, 2022 | Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. | |||
| CVE-2022-1991 | 0.00 | — | 0.01 | Jun 3, 2022 | A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "> leads to cross site… | |||
| CVE-2021-25211 | 0.00 | — | 0.02 | Jul 22, 2021 | Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. |
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is…
- risk 0.23cvss 3.5epss 0.00
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be…
- risk 0.16cvss 2.4epss 0.00
A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack…
- CVE-2026-26710Mar 2, 2026risk 0.00cvss —epss 0.00
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
- CVE-2026-26713Mar 2, 2026risk 0.00cvss —epss 0.00
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.
- CVE-2026-26711Mar 2, 2026risk 0.00cvss —epss 0.00
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
- CVE-2026-26712Mar 2, 2026risk 0.00cvss —epss 0.00
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.
- CVE-2025-56276Sep 16, 2025risk 0.00cvss —epss 0.00
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the…
- CVE-2025-56280Sep 16, 2025risk 0.00cvss —epss 0.00
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information.
- CVE-2023-36968Jul 6, 2023risk 0.00cvss —epss 0.01
A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter.
- CVE-2022-32318Jul 14, 2022risk 0.00cvss —epss 0.00
Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.
- CVE-2022-1991Jun 3, 2022risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "> leads to cross site…
- CVE-2021-25211Jul 22, 2021risk 0.00cvss —epss 0.02
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
Page 3 of 3