Wang Chen Jun

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the "/ordering/admin/store/index.php?view=edit&id=" API endpoint, specifically through the `id` variable. This vulnerability allows for potential unauthorized access and manipulation of database content. **Recommendations** For Online Ordering System version 2.3.2, consider disabling access to the "/ordering/admin/store/index.php?view=edit&id=" endpoint until a patch is available. Restrict the use of the `id` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `/ordering/admin/inventory/index.php?view=edit&id=` endpoint, specifically through the `id` parameter. **Recommendations** For Online Ordering System version 2.3.2, as a temporary workaround, consider restricting access to the `/ordering/admin/inventory/index.php?view=edit&id=` endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.