SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System
CVE-2023-30092

9.8CRITICAL

Key Information:

Vendor: Online Pizza Ordering System Project
Status: Online Pizza Ordering System
Vendor: CVE Published:; 8 May 2023

🔔 Create Online Pizza Ordering System Project Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2023-30092?

The Online Pizza Ordering System by SourceCodester, version 1.0, exhibits a SQL injection vulnerability through the QTY parameter. This weakness allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data or manipulation of the database. It is crucial for users and administrators to apply necessary security measures to mitigate the risks associated with this vulnerability.

References

https://www.sourcecodester.com/php/16166/online-pizza-ord...

https://github.com/nawed20002/CVE-2023-30092

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 8, 2023
👾
Exploit known to exist
May 8, 2023
Vulnerability published
May 8, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30092 Data

JSON