PT-2025-26468 · Code Projects · Simple Pizza Ordering System
Rom4J
·
Published
2025-06-20
·
Updated
2025-06-21
·
CVE-2025-6363
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
code-projects Simple Pizza Ordering System version 1.0
Description:
A critical issue was found in the Simple Pizza Ordering System. The problem is related to the manipulation of the
ingname argument, which leads to SQL injection. This issue can be exploited remotely, affecting an unknown function of the file /adding-exec.php.Recommendations:
For code-projects Simple Pizza Ordering System version 1.0, consider restricting access to the /adding-exec.php file until a patch is available. As a temporary workaround, avoid using the
ingname argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple Pizza Ordering System