PT-2024-37455 · Sourcecodester · Sourcecodester Food Ordering Management System
Jadu101 · Published 2024-06-20 · Updated 2024-12-22 · CVE-2024-6213
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SourceCodester Food Ordering Management System versions up to 1.0
Description:
A critical issue has been found in the SourceCodester Food Ordering Management System, affecting the file login.php of the Login Panel. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations:
For SourceCodester Food Ordering Management System versions up to 1.0, update the system urgently to prevent exploitation. As a temporary workaround, consider restricting access to the login.php file or disabling the username argument in the Login Panel until a patch is available.
Exploit
Fix
SQL injection
Affected Products
Sourcecodester Food Ordering Management System