CVE-2022-32328

Name of the Vulnerable Software and Affected Versions Fast Food Ordering System version 1.0

Description The issue allows deletion of any file via the "/ffos/classes/Master.php?f=delete img" API endpoint. This endpoint is vulnerable to file deletion attacks, potentially allowing unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Fast Food Ordering System version 1.0, as a temporary workaround, consider disabling the delete img function in the "/ffos/classes/Master.php" file until a patch is available. Restrict access to the "/ffos/classes/Master.php" API endpoint to minimize the risk of exploitation. Avoid using the f parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.