SQL Injection Vulnerability in Food Ordering System by Oretnom23
CVE-2023-24647

7.5HIGH

Key Information:

Vendor: Online Food Ordering System Project
Status: Online Food Ordering System
Vendor: CVE Published:; 13 February 2023

🔔 Create Online Food Ordering System Project Vulnerability Alert

What is CVE-2023-24647?

A SQL injection vulnerability exists in version 2.0 of the Food Ordering System, allowing attackers to manipulate SQL queries via the email parameter, potentially exposing sensitive data and compromising the application's integrity.

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Jan 30, 2023

CVE-2023-24647 Data

JSON