CVE-2023-0256

Name of the Vulnerable Software and Affected Versions SourceCodester Online Food Ordering System version 2.0

Description A critical issue has been found in the Login Page component of the affected software. The issue is related to the manipulation of the Username argument in the "/fos/admin/ajax.php?action=login" API endpoint, which leads to SQL injection. This can be exploited remotely.

Recommendations For SourceCodester Online Food Ordering System version 2.0, consider disabling the login functionality temporarily until a patch is available. Restrict access to the "/fos/admin/ajax.php?action=login" API endpoint to minimize the risk of exploitation. Avoid using the Username argument in the affected API endpoint until the issue is resolved.