| タイトル | projectworlds Online Ordering Food System 1.0 SQL Injection |
|---|
| 説明 | During the white-box testing of the Online-Food-Ordering-System-Project-in-PHP, it was found that the user input parameter "status" in the all-orders.php file is not filtered or processed and is directly concatenated into the SQL query statement, resulting in an SQL injection vulnerability. This allows attackers to exploit the vulnerability to insert malicious SQL statements and unauthorizedly tamper with or delete database information. The code here should be modified immediately to improve the security of the system. |
|---|
| ソース | ⚠️ https://github.com/Duo-zhen/CVE/issues/4 |
|---|
| ユーザー | HaiYing (UID 91395) |
|---|
| 送信 | 2025年10月09日 14:31 (8 月 ago) |
|---|
| モデレーション | 2025年10月10日 15:00 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 327926 [projectworlds Online Ordering Food System 1.0 /all-orders.php ステータス SQLインジェクション] |
|---|
| ポイント | 20 |
|---|