Vulnerabilities (CVE)

Filtered by vendor Sourcecodester Subscribe
Filtered by product Restaurant Management System
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18417 1 Sourcecodester 1 Restaurant Management System 2024-02-28 6.5 MEDIUM 8.8 HIGH
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
CVE-2019-18414 1 Sourcecodester 1 Restaurant Management System 2024-02-28 6.8 MEDIUM 8.8 HIGH
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.