Unknown · Canteen Management System · CVE-2022-43276
**Name of the Vulnerable Software and Affected Versions**
Canteen Management System version 1.0
**Description**
The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `productId` parameter at the "/php action/fetchSelectedfood.php" API endpoint.
**Recommendations**
For Canteen Management System version 1.0, consider restricting access to the `/php action/fetchSelectedfood.php` endpoint until a patch is available. As a temporary workaround, avoid using the `productId` parameter in the affected API endpoint to minimize the risk of exploitation.