PT-2023-26048 · Unknown · Codeprojects Online Restaurant Management System
1337Kid
·
Published
2023-07-12
·
Updated
2023-07-20
·
CVE-2023-37627
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Code-projects Online Restaurant Management System version 1.0
Description
The issue allows an attacker to perform SQL injection, which can be used to bypass the admin panel. This enables the attacker to view order records, add items, and delete items.
Recommendations
For Code-projects Online Restaurant Management System version 1.0, consider restricting access to the admin panel and sensitive database operations until a patch is available. As a temporary workaround, disabling any functionality that allows user input to be directly executed as SQL commands can help minimize the risk of exploitation.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codeprojects Online Restaurant Management System