| Title | projectworlds Online Ordering Food System 1.0 SQL Injection |
|---|
| Description | During the white-box testing of the Online-Food-Ordering-System-Project-in-PHP, it was found that the user input parameter "status" in the all-orders.php file is not filtered or processed and is directly concatenated into the SQL query statement, resulting in an SQL injection vulnerability. This allows attackers to exploit the vulnerability to insert malicious SQL statements and unauthorizedly tamper with or delete database information. The code here should be modified immediately to improve the security of the system. |
|---|
| Source | ⚠️ https://github.com/Duo-zhen/CVE/issues/4 |
|---|
| User | HaiYing (UID 91395) |
|---|
| Submission | 10/09/2025 14:31 (8 months ago) |
|---|
| Moderation | 10/10/2025 15:00 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327926 [projectworlds Online Ordering Food System 1.0 /all-orders.php Status sql injection] |
|---|
| Points | 20 |
|---|