SourceCodester Online Pizza Ordering System ajax.php sql injection
CVE-2023-1365

7.5HIGH

Key Information:

Vendor
SourceCodester
Status
Online Pizza Ordering System
Vendor
CVE Published:
13 March 2023

Summary

A SQL injection vulnerability exists in the Online Pizza Ordering System 1.0, specifically within the file /admin/ajax.php. The flaw allows attackers to manipulate the 'username' argument, potentially leading to unauthorized access to the database. The issue can be exploited remotely, making it a significant security concern. The exploit has been publicly disclosed, heightening the risk for users of the affected system.

Affected Version(s)

Online Pizza Ordering System 1.0

References

https://vuldb.com/?id.222872
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222872
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Online%20Pizza...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.