| タイトル | Sourcecodester Online Food Ordering System v2 using PHP8 and MySQL Free Source Code v2.0 Local File Inclusion |
|---|
| 説明 | During the security assessment of "Online Food Ordering System", a critical local file inclusion vulnerability was identified in the "/index.php" file. This vulnerability is due to the direct use of user input from the 'page' parameter in the `include` statement without any path restriction. Attackers can manipulate the 'page' parameter to include sensitive files on the server, such as the database configuration file. Immediate remediation is necessary to safeguard system files and maintain the security of the system. |
|---|
| ソース | ⚠️ https://github.com/Mikkoseven/cve/issues/4 |
|---|
| ユーザー | Jxsec (UID 98275) |
|---|
| 送信 | 2026年05月15日 14:57 (22 日 ago) |
|---|
| モデレーション | 2026年06月02日 17:47 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367963 [SourceCodester Online Food Ordering System 2.0 /index.php include page 特権昇格] |
|---|
| ポイント | 20 |
|---|