SourceCodester Online Pizza Ordering System GET Parameter view_prod.php sql injection
CVE-2023-0910

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Online Pizza Ordering System
Vendor: CVE Published:; 18 February 2023

Summary

A vulnerability exists in the SourceCodester Online Pizza Ordering System 1.0, specifically within the view_prod.php file in the GET Parameter Handler component. By manipulating the argument ID, an attacker can exploit this weakness to inject malicious SQL queries. This can lead to unauthorized access to the database, potentially compromising sensitive user data. The vulnerability can be triggered remotely, highlighting the need for immediate security measures to protect against such attacks.

Affected Version(s)

Online Pizza Ordering System 1.0

References

https://vuldb.com/?id.221476

vdb-entrytechnical-description

https://vuldb.com/?ctiid.221476

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2023
Vulnerability Reserved
Feb 18, 2023

Credit

Qnsx (VulDB User)