SourceCodester Online Food Ordering System Signup Module admin_class.php sql injection
CVE-2023-0304

7.5HIGH

Key Information:

Vendor
SourceCodester
Status
Online Food Ordering System
Vendor
CVE Published:
15 January 2023

Summary

A significant SQL injection vulnerability exists within the Signup Module of the admin_class.php file in the SourceCodester Online Food Ordering System. By manipulating the 'email' parameter, an attacker can execute arbitrary SQL queries, potentially compromising the database. The vulnerability allows for remote exploitation and has been publicly disclosed, underlining the urgency of implementing security measures. Users are advised to update their systems to prevent unauthorized access and data breaches.

Affected Version(s)

Online Food Ordering System

References

https://vuldb.com/?id.218385
vdb-entrytechnical-description
https://vuldb.com/?ctiid.218385
signaturepermissions-required
https://github.com/Hanfu-l/cvetest/blob/main/2.pdf
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.