PT-2020-17133 · Unknown · Multi Restaurant Table Reservation System

Yunaranyancat · Published 2020-12-02 · Updated 2020-12-04 · CVE-2020-29284

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Multi Restaurant Table Reservation System version 1.0

Description

The issue arises from the lack of input validation on the table_id parameter in the file view-chair-list.php, allowing unauthenticated SQL Injection. An attacker can exploit this by sending malicious input in the GET request to "/dashboard/view-chair-list.php?table_id=".

Recommendations

For Multi Restaurant Table Reservation System version 1.0, consider disabling the view-chair-list.php file or restricting access to the "/dashboard/view-chair-list.php" endpoint until a patch is available. Avoid using the table_id parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-29284

Affected Products

Multi Restaurant Table Reservation System