| शीर्षक | projectworlds Online Ordering Food System 1.0 SQL Injection |
|---|
| विवरण | During the white-box testing of the Online-Food-Ordering-System-Project-in-PHP, it was found that the user input parameter "status" in the all-orders.php file is not filtered or processed and is directly concatenated into the SQL query statement, resulting in an SQL injection vulnerability. This allows attackers to exploit the vulnerability to insert malicious SQL statements and unauthorizedly tamper with or delete database information. The code here should be modified immediately to improve the security of the system. |
|---|
| स्रोत | ⚠️ https://github.com/Duo-zhen/CVE/issues/4 |
|---|
| उपयोगकर्ता | HaiYing (UID 91395) |
|---|
| सबमिशन | 09/10/2025 02:31 PM (8 महीनों पहले) |
|---|
| संयम | 10/10/2025 03:00 PM (1 day later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 327926 [projectworlds Online Ordering Food System 1.0 /all-orders.php स्थिति SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|