Vulnerabilities > Online Ordering System Project > Online Ordering System

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-31329 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.
network
low complexity
online-ordering-system-project CWE-89
7.5
2022-06-02 CVE-2022-31335 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
network
low complexity
online-ordering-system-project CWE-89
7.5
2022-06-02 CVE-2022-31336 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
network
low complexity
online-ordering-system-project CWE-89
7.5
2022-06-02 CVE-2022-31337 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.
network
low complexity
online-ordering-system-project CWE-89
7.5
2022-06-02 CVE-2022-31338 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
network
low complexity
online-ordering-system-project CWE-89
7.5
2021-07-22 CVE-2021-25211 Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
network
low complexity
online-ordering-system-project CWE-434
7.5
2021-03-16 CVE-2021-28295 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.
network
low complexity
online-ordering-system-project CWE-89
5.0
2021-03-16 CVE-2021-28294 Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
network
low complexity
online-ordering-system-project CWE-434
7.5