SQL Injection Vulnerability in PHPJabbers Food Delivery Script
CVE-2023-40748

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Food Delivery Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40748?

The PHPJabbers Food Delivery Script version 3.0 contains a SQL injection vulnerability in the 'q' parameter of index.php. This flaw enables attackers to manipulate backend database queries by injecting malicious SQL statements through user inputs, potentially compromising sensitive data and system integrity. Website operators using this script should apply necessary security measures and updates to mitigate exposure.

References

https://www.phpjabbers.com/food-delivery-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40748?

References

EPSS Score

CVSS V3.1

Timeline