SQL Injection Vulnerability in Online Food Ordering System by Unknown Vendor
CVE-2022-36759

9.8CRITICAL

Key Information:

Vendor: Online Food Ordering System Project
Status: Online Food Ordering System
Vendor: CVE Published:; 2 September 2022

🔔 Create Online Food Ordering System Project Vulnerability Alert

What is CVE-2022-36759?

The Online Food Ordering System v1.0 is susceptible to a SQL injection vulnerability through the 'res_id' parameter in the '/dishes.php' component. Attackers can exploit this flaw to manipulate database queries, potentially accessing or altering sensitive data. This vulnerability emphasizes the need for robust input validation and secure coding practices to protect user information and maintain application integrity.

References

https://hackmd.io/%40hieuleuxuan/OFOS_Sql_Injection

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2022
Vulnerability Reserved
Jul 25, 2022

CVE-2022-36759 Data

JSON