PT-2023-16116 · Sourcecodester · Sourcecodester Online Food Ordering System
Lohith19
·
Published
2023-01-12
·
Updated
2024-05-17
·
CVE-2023-0256
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Food Ordering System version 2.0
Description
A critical issue has been found in the Login Page component of the affected software. The issue is related to the manipulation of the
Username argument in the "/fos/admin/ajax.php?action=login" API endpoint, which leads to SQL injection. This can be exploited remotely.Recommendations
For SourceCodester Online Food Ordering System version 2.0, consider disabling the login functionality temporarily until a patch is available. Restrict access to the "/fos/admin/ajax.php?action=login" API endpoint to minimize the risk of exploitation. Avoid using the
Username argument in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Online Food Ordering System