Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.
References
| Link | Resource |
|---|---|
| https://fluidattacks.com/advisories/hann | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
| https://fluidattacks.com/advisories/hann | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
Configurations
History
21 Nov 2024, 08:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fluidattacks.com/advisories/hann - Exploit, Third Party Advisory | |
| References | () https://projectworlds.in/ - Product |
30 Nov 2023, 19:25
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Projectworlds
Projectworlds online Food Ordering System |
|
| CPE | cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:* |
08 Nov 2023, 00:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Online Food Ordering Script Project online Food Ordering Script
Online Food Ordering Script Project |
|
| References | (MISC) https://fluidattacks.com/advisories/hann - Exploit, Third Party Advisory | |
| References | (MISC) https://projectworlds.in/ - Product | |
| CPE | cpe:2.3:a:online_food_ordering_script_project:online_food_ordering_script:1.0:*:*:*:*:*:*:* |
02 Nov 2023, 14:26
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-02 14:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45341
Mitre link : CVE-2023-45341
CVE.ORG link : CVE-2023-45341
JSON object : View
Products Affected
projectworlds
- online_food_ordering_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')