SQL Injection Vulnerability in Food Ordering Management System by Onetnom23
CVE-2022-42990

7.2HIGH

Key Information:

Vendor: Food Ordering Management System Project
Status: Food Ordering Management System
Vendor: CVE Published:; 7 November 2022

🔔 Create Food Ordering Management System Project Vulnerability Alert

What is CVE-2022-42990?

The Food Ordering Management System v1.0 includes a vulnerability that allows SQL injection through the component located at /foms/all-orders.php?status=Cancelled%20by%20Customer. This security flaw can be exploited by attackers to manipulate the database, potentially leading to unauthorized data access and compromise of sensitive information. It is essential for users of this system to implement necessary security measures to mitigate the risks associated with this vulnerability.

References

https://github.com/YorkLee2022/bug_report/blob/main/vendo...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-42990 Data

JSON