SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection
CVE-2023-1364

7.5HIGH

Key Information:

Vendor
SourceCodester
Status
Online Pizza Ordering System
Vendor
CVE Published:
13 March 2023

Summary

An SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System version 1.0 that affects the file category.php within the GET Parameter Handler component. By manipulating the 'id' parameter, an attacker can execute unauthorized SQL commands, which allows for remote exploitation. The security risk associated with this vulnerability has been made public, and it emphasizes the importance of secure coding practices to prevent such attacks.

Affected Version(s)

Online Pizza Ordering System 1.0

References

https://vuldb.com/?id.222871
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222871
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.