SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication
CVE-2023-0906

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Online Pizza Ordering System
Vendor: CVE Published:; 18 February 2023

Summary

A missing authentication vulnerability exists in the SourceCodester Online Pizza Ordering System version 1.0, specifically in the 'delete_category' function of the ajax.php file. This flaw allows unauthenticated users to invoke the function, potentially leading to unauthorized deletion of categories. Attackers can exploit this issue remotely, making it imperative for users and administrators of the system to take immediate action to secure their applications.

Affected Version(s)

Online Pizza Ordering System 1.0

References

https://vuldb.com/?id.221455

vdb-entrytechnical-description

https://vuldb.com/?ctiid.221455

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2023
Vulnerability Reserved
Feb 18, 2023

Credit

Qnsx (VulDB User)