| Title | SourceCodester Online Food Ordering System 2.0 Access Bypass |
|---|---|
| Description | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request. POST operations to /fos/admin/ajax.php?action=save_settings can be performed without a cookie in the request header, which results in an unauthenticated change of /fos/index.php?page=about and unauthenticated file upload. |
| Source | ⚠️ Update to a non-vulnerable version of the product or apply the vendor-supplied patch: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html |
| User | WWesleywww (UID 43117) |
| Submission | 03/16/2023 12:09 (3 years ago) |
| Moderation | 03/16/2023 13:49 (2 hours later) |
| Status | Accepted |
| VulDB entry | 223214 [SourceCodester Online Food Ordering System 2.0 POST Request ajax.php?action=save_settings access control] |
| Points | 20 |