| عنوان | projectworlds Online Ordering Food System 1.0 SQL Injection |
|---|
| الوصف | During the white-box testing of the Online-Food-Ordering-System-Project-in-PHP, it was found that the user input parameter "status" in the all-orders.php file is not filtered or processed and is directly concatenated into the SQL query statement, resulting in an SQL injection vulnerability. This allows attackers to exploit the vulnerability to insert malicious SQL statements and unauthorizedly tamper with or delete database information. The code here should be modified immediately to improve the security of the system. |
|---|
| المصدر | ⚠️ https://github.com/Duo-zhen/CVE/issues/4 |
|---|
| المستخدم | HaiYing (UID 91395) |
|---|
| ارسال | 09/10/2025 02:31 PM (8 أشهر منذ) |
|---|
| الاعتدال | 10/10/2025 03:00 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 327926 [projectworlds Online Ordering Food System 1.0 /all-orders.php الحالة حقن SQL] |
|---|
| النقاط | 20 |
|---|