CVE-2023-1100

Name of the Vulnerable Software and Affected Versions SourceCodester Online Catering Reservation System version 1.0

Description A critical vulnerability has been found in the SourceCodester Online Catering Reservation System. This issue affects the file /reservation/add message.php of the component POST Parameter Handler. The manipulation of the fullname argument leads to SQL injection. It is possible to initiate the attack remotely.

Recommendations For version 1.0, consider disabling the fullname parameter in the /reservation/add message.php file until a patch is available. Restrict access to the POST Parameter Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.