CVE-2023-45339

Name of the Vulnerable Software and Affected Versions Online Food Ordering System version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the type parameter of the "routers/add-ticket.php" resource does not validate the characters received and they are sent unfiltered to the database. This allows for potential SQL injection attacks without the need for authentication.

Recommendations For Online Food Ordering System version 1.0, as a temporary workaround, consider validating and filtering the input for the type parameter in the "routers/add-ticket.php" resource to prevent SQL injection attacks. Restrict access to this resource until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.