Abhiram T

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A cross-site scripting issue exists in the Order Module component, specifically within the file `/form/order.php`. Manipulation of the `cust id` argument can lead to the execution of malicious scripts. The attack can be performed remotely. The exploit is publicly available. **Recommendations** Apply a fix for code-projects Online Food Ordering System version 1.0.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A flaw exists in the Shopping Cart Module of code-projects Online Food Ordering System version 1.0. The issue is located in the file `form/cart.php`. A manipulation of the `del` argument can lead to SQL injection. This attack can be carried out remotely. The exploit is publicly available. **Recommendations** Apply any available updates or patches for code-projects Online Food Ordering System version 1.0. As a temporary workaround, restrict or disable the use of the `del` argument in the `form/cart.php` file.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A security issue exists in code-projects Online Food Ordering System 1.0, specifically within the Admin Login Module. The issue involves SQL injection, triggered by manipulating the `Username` argument when processing the `/admin.php` file. This allows for remote exploitation. The exploit is publicly available. **Recommendations** Apply any available updates or patches for version 1.0 to address the SQL injection issue in the Admin Login Module. As a temporary workaround, restrict access to the `/admin.php` file to minimize the risk of exploitation. Sanitize the `Username` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patients Waiting Area Queue Management System version 1.0 **Description** A flaw exists in the Patient Check-In Module of the software, specifically within the `ValidateToken` function located in the `/php/api patient checkin.php` file. This can result in improper authorization, allowing remote attacks. The exploit for this issue is publicly available. **Recommendations** Apply any available updates to address the improper authorization issue in the `ValidateToken` function of the `/php/api patient checkin.php` file. As a temporary workaround, consider restricting access to the Patient Check-In Module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patients Waiting Area Queue Management System version 1.0 **Description** A flaw exists in the processing of the `/patient-search.php` file within the software, leading to improper authorization. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.