| Название | projectworlds Online Ordering Food System 1.0 SQL Injection |
|---|
| Описание | During the white-box testing of the Online-Food-Ordering-System-Project-in-PHP, it was found that the user input parameter "status" in the all-orders.php file is not filtered or processed and is directly concatenated into the SQL query statement, resulting in an SQL injection vulnerability. This allows attackers to exploit the vulnerability to insert malicious SQL statements and unauthorizedly tamper with or delete database information. The code here should be modified immediately to improve the security of the system. |
|---|
| Источник | ⚠️ https://github.com/Duo-zhen/CVE/issues/4 |
|---|
| Пользователь | HaiYing (UID 91395) |
|---|
| Представление | 09.10.2025 14:31 (8 месяцы назад) |
|---|
| Модерация | 10.10.2025 15:00 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 327926 [projectworlds Online Ordering Food System 1.0 /all-orders.php Статус SQL-инъекция] |
|---|
| Баллы | 20 |
|---|