SQL Injection Vulnerability in Food Ordering System by Haxxorsid
CVE-2023-36968

7.2HIGH

Key Information:

Vendor: Food Ordering System Project
Status: Food Ordering System
Vendor: CVE Published:; 6 July 2023

🔔 Create Food Ordering System Project Vulnerability Alert

What is CVE-2023-36968?

A SQL Injection vulnerability in version 1.0 of the Food Ordering System enables attackers to execute malicious SQL commands by manipulating the ID parameter of the application. This vulnerability poses a serious risk as it allows unauthorized interaction with the database, potentially compromising sensitive information.

References

https://github.com/haxxorsid/food-ordering-system

https://okankurtulus.com.tr/2023/06/21/food-ordering-syst...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Jun 28, 2023

CVE-2023-36968 Data

JSON