| Title | SourceCodester Online Food Ordering System 2.0 Access Bypass |
|---|---|
| Description | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request. POST operations to /fos/admin/ajax.php?action=save_settings could be done without a cookie in its header, which will result in unauthenticated change of /fos/index.php?page=about and unauthenticated file upload. |
| Source | ⚠️ Update to a non-vulnerable version of the product or apply the vendor-supplied patch: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html |
| User | WWesleywww (UID 43117) |
| Submission | 16.03.2023 12:09 (3 years ago) |
| Moderation | 16.03.2023 13:49 (2 hours later) |
| Status | Accepted |
| VulDB Entry | 223214 [SourceCodester Online Food Ordering System 2.0 POST Request ajax.php?action=save_settings privilege escalation] |
| Points | 20 |