Filtered by vendor Oretnom23
Total: 756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30523 | 1 Oretnom23 | 1 Loan Management System | 2026-04-07 | N/A | 6.5 MEDIUM |
| A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration. | |||||
| CVE-2026-30527 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-04-06 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | |||||
| CVE-2026-30520 | 1 Oretnom23 | 1 Loan Management System | 2026-04-06 | N/A | 5.4 MEDIUM |
| A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | |||||
| CVE-2026-30521 | 1 Oretnom23 | 1 Loan Management System | 2026-04-02 | N/A | 6.5 MEDIUM |
| A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. This results in the creation of loan plans with negative interest rates. | |||||
| CVE-2026-30522 | 1 Oretnom23 | 1 Loan Management System | 2026-04-01 | N/A | 6.5 MEDIUM |
| A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the penalty_rate. | |||||
| CVE-2026-30530 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | |||||
| CVE-2026-30531 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 8.8 HIGH |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | |||||
| CVE-2026-30532 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | |||||
| CVE-2026-30533 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | |||||
| CVE-2026-30534 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 8.3 HIGH |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | |||||
| CVE-2024-8604 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2023-1432 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-24646 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-24195 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | |||||
| CVE-2022-29651 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-29297 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | |||||
| CVE-2022-29650 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-36759 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | |||||
| CVE-2023-0332 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472. | |||||
| CVE-2023-0256 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184. | |||||
