SQL Injection Vulnerability in Online Food Ordering System by SourceCodester
CVE-2023-24197

6.1MEDIUM

Key Information:

Vendor: Online Food Ordering System Project
Status: Online Food Ordering System
Vendor: CVE Published:; 6 February 2023

🔔 Create Online Food Ordering System Project Vulnerability Alert

What is CVE-2023-24197?

A SQL injection vulnerability has been identified in Online Food Ordering System v2, allowing unauthorized access and manipulation of the database through the 'id' parameter in the view_order.php file. Attackers can exploit this flaw to execute arbitrary SQL queries, potentially compromising sensitive data and overall system integrity.

References

https://www.sourcecodester.com/php/16022/online-food-orde...

https://github.com/xiumulty/CVE/blob/main/Online%20Food%2...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Jan 23, 2023

CVE-2023-24197 Data

JSON