Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
References
| Link | Resource |
|---|---|
| https://fluidattacks.com/advisories/hann | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
| https://fluidattacks.com/advisories/hann | Exploit Third Party Advisory |
| https://projectworlds.in/ | Product |
Configurations
History
21 Nov 2024, 08:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fluidattacks.com/advisories/hann - Exploit, Third Party Advisory | |
| References | () https://projectworlds.in/ - Product |
09 Nov 2023, 15:23
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Projectworlds online Food Ordering System
|
|
| CPE | cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:* |
09 Nov 2023, 14:19
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Projectworlds
Projectworlds online Food Ordering Script |
|
| References | (MISC) https://projectworlds.in/ - Product | |
| References | (MISC) https://fluidattacks.com/advisories/hann - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:projectworlds:online_food_ordering_script:1.0:*:*:*:*:*:*:* |
02 Nov 2023, 14:26
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-02 14:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45344
Mitre link : CVE-2023-45344
CVE.ORG link : CVE-2023-45344
JSON object : View
Products Affected
projectworlds
- online_food_ordering_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')