SourceCodester Online Food Ordering System POST Request access control
CVE-2023-1432
9.8CRITICAL
What is CVE-2023-1432?
An improper access control vulnerability exists in the Online Food Ordering System by SourceCodester, specifically within the /fos/admin/ajax.php component. This flaw allows potential attackers to manipulate settings without proper authorization. The issue arises in a functionality related to POST requests, enabling remote exploitation of the system. Users of version 2.0 should take immediate action to secure their installations and mitigate potential risks associated with this vulnerability.
Affected Version(s)
Online Food Ordering System 2.0