CVE-2023-45344

Name of the Vulnerable Software and Affected Versions Online Food Ordering System version 1.0

Description The Online Food Ordering System is affected by multiple Unauthenticated SQL Injection vulnerabilities. The issue arises from the * balance parameter of the routers/user-router.php resource, which fails to validate the characters received, sending them unfiltered to the database.

Recommendations For Online Food Ordering System version 1.0, as a temporary workaround, consider validating and filtering the * balance parameter in the routers/user-router.php resource to prevent SQL injection attacks. Restrict access to the user-router.php resource until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.