PT-2021-23366 · Unknown · Kaushik Jadhav Online Food Ordering Web App

Jason Colyvas · Published 2021-10-01 · Updated 2021-10-08 · CVE-2021-41647

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kaushik Jadhav Online Food Ordering Web App version 1.0

Description: An unauthenticated error-based and time-based blind SQL injection vulnerability exists in the username parameter of "login.php". An attacker can exploit it to retrieve sensitive database information and to add an administrative user.

Recommendations: For Kaushik Jadhav Online Food Ordering Web App version 1.0, consider disabling the username parameter in the "login.php" file until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. Avoid using the username parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
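As an added example that is not part of this advisory, a defender-side detection check for the issue described above: it flags requests to login.php whose username parameter carries error-based or time-based SQL injection indicators, the way a WAF or SIEM rule would. The input format (JSON-lines request records from a reverse proxy or WAF that logs form fields, with the field names src_ip, path, params and duration_ms) and the sample records are assumptions constructed for the example.

```python
import json
import re

# Indicators for the two injection classes the advisory names: a quote
# character or error-raising function for error-based, a delay function
# for time-based. Field names in the records are an assumption.
ERROR_BASED = re.compile(r"""['"]|\b(?:extractvalue|updatexml)\s*\(""", re.I)
TIME_BASED = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)
SLOW_MS = 3000  # a slow response next to a delay pattern corroborates blind SQLi

def classify_username(value):
    """Return the injection classes whose indicators appear in the value."""
    kinds = []
    if TIME_BASED.search(value):
        kinds.append("time-based")
    if ERROR_BASED.search(value):
        kinds.append("error-based")
    return kinds

def detect(records):
    """Return one finding per login.php request with a suspicious username."""
    findings = []
    for line in records:
        rec = json.loads(line)
        if not rec["path"].endswith("/login.php"):
            continue  # only the vulnerable endpoint is in scope
        username = rec.get("params", {}).get("username", "")
        kinds = classify_username(username)
        if not kinds:
            continue
        findings.append({
            "src_ip": rec["src_ip"],
            "kinds": kinds,
            "slow": rec.get("duration_ms", 0) >= SLOW_MS,
            "username": username,
        })
    return findings

SAMPLE = [  # constructed records, not real traffic
    '{"src_ip": "203.0.113.7", "path": "/login.php", "params": {"username": "alice", "password": "x"}, "duration_ms": 42}',
    '{"src_ip": "203.0.113.9", "path": "/login.php", "params": {"username": "a\' or 1=1-- ", "password": "x"}, "duration_ms": 51}',
    '{"src_ip": "203.0.113.9", "path": "/login.php", "params": {"username": "a\' AND SLEEP(5)-- ", "password": "x"}, "duration_ms": 5120}',
    '{"src_ip": "203.0.113.4", "path": "/menu.php", "params": {"q": "pizza\'"}, "duration_ms": 30}',
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Requests to other pages are ignored on purpose; widen the path check if the same query pattern is reused elsewhere in the application.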

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2021-41647

Affected Products

Kaushik Jadhav Online Food Ordering Web App