Code Projects · Food Ordering System · CVE-2025-12314
**Name of the Vulnerable Software and Affected Versions**
code-projects Food Ordering System version 1.0
**Description**
A flaw exists in code-projects Food Ordering System 1.0: manipulating the `itemID` argument handled by an unknown function in the `/admin/deleteitem.php` file can lead to SQL injection. The attack can be carried out remotely, and the exploit has been publicly released.
**Recommendations**
- Apply any available updates or patches to address the SQL injection issue in the `/admin/deleteitem.php` file.
- As a temporary workaround, restrict access to the `/admin/deleteitem.php` file to minimize the risk of exploitation.
- Sanitize the `itemID` input parameter to prevent SQL injection attacks.
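
One way to apply the `itemID` recommendation, shown as an added example and not the project's own code: accept only a canonical positive integer, then pass it to the database as a bound parameter. The `items` table, `id` column, connection settings, helper names and the use of POST are assumptions; the code targets PHP 8 with mysqli.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement handler for a delete-item endpoint. Table name,
// column name and connection settings are placeholders, not the project's schema.

/** Accept only a canonical positive decimal integer; reject everything else. */
function parse_item_id(mixed $raw): ?int
{
    // Arrays, empty strings, signs, whitespace, quotes and hex all fail here.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id <= 2147483647 ? $id : null; // stay inside a signed 32-bit INT column
}

/** Delete one row using a bound parameter; returns the number of rows removed. */
function delete_item(mysqli $db, int $itemId): int
{
    // The value is sent separately from the SQL text, so it cannot change the query.
    $stmt = $db->prepare('DELETE FROM items WHERE id = ?');
    $stmt->bind_param('i', $itemId);
    $stmt->execute();
    $rows = (int) $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

$itemId = parse_item_id($_POST['itemID'] ?? null);
if ($itemId === null) {
    http_response_code(400);
    exit('Invalid itemID');
}

// Make mysqli throw on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', getenv('DB_PASS') ?: '', 'food_db'); // placeholders

$rows = delete_item($db, $itemId);
http_response_code($rows === 1 ? 200 : 404);
echo $rows === 1 ? 'Item deleted' : 'No such item';
```

The bound parameter is what prevents injection; the strict integer check adds early rejection and gives malformed requests a clear 400 response that can be logged and alerted on.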