SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter deleteorder.php sql injection
CVE-2023-1301

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Friendly Island Pizza Website and Ordering System
Vendor
CVE Published:
9 March 2023

Summary

The Friendly Island Pizza Website and Ordering System version 1.0 has a vulnerability in its file deleteorder.php, which is part of the GET Parameter Handler. An attacker can manipulate the 'id' parameter to execute SQL injection attacks remotely, potentially compromising the database. This exploit has been made public and poses a risk to users of this system.

Affected Version(s)

Friendly Island Pizza Website and Ordering System 1.0

References

https://vuldb.com/?id.222662
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222662
signaturepermissions-required
https://github.com/a-xsg/bug_report/blob/main/vendors/Sky...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

a-xsg (VulDB User)
.