CVE-2022-31327

Name of the Vulnerable Software and Affected Versions Online Ordering System By janobe version 2.3.2

Description The issue is related to SQL Injection, which can be exploited via the "/ordering/index.php?q=products&id=" endpoint. The id variable is vulnerable to SQL injection attacks.

Recommendations For version 2.3.2, consider restricting access to the "/ordering/index.php?q=products&id=" endpoint until a patch is available. As a temporary workaround, avoid using the id variable in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.