| عنوان | Sourcecodester Online Food Ordering System v2 using PHP8 and MySQL Free Source Code v2.0 Local File Inclusion |
|---|
| الوصف | During the security assessment of "Online Food Ordering System", a critical local file inclusion vulnerability was identified in the "/index.php" file. This vulnerability is due to the direct use of user input from the 'page' parameter in the `include` statement without any path restriction. Attackers can manipulate the 'page' parameter to include sensitive files on the server, such as the database configuration file. Immediate remediation is necessary to safeguard system files and maintain the security of the system. |
|---|
| المصدر | ⚠️ https://github.com/Mikkoseven/cve/issues/4 |
|---|
| المستخدم | Jxsec (UID 98275) |
|---|
| ارسال | 15/05/2026 02:57 PM (22 أيام منذ) |
|---|
| الاعتدال | 02/06/2026 05:47 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367963 [SourceCodester Online Food Ordering System 2.0 /index.php include page تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|