SourceCodester Online Food Ordering System POST Request access control
CVE-2023-1432

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Online Food Ordering System
Vendor: CVE Published:; 16 March 2023

Summary

An improper access control vulnerability exists in the Online Food Ordering System by SourceCodester, specifically within the /fos/admin/ajax.php component. This flaw allows potential attackers to manipulate settings without proper authorization. The issue arises in a functionality related to POST requests, enabling remote exploitation of the system. Users of version 2.0 should take immediate action to secure their installations and mitigate potential risks associated with this vulnerability.

Affected Version(s)

Online Food Ordering System 2.0

References

https://vuldb.com/?id.223214

vdb-entrytechnical-description

https://vuldb.com/?ctiid.223214

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Mar 16, 2023

Credit

WWesleywww (VulDB User)