Vulnerabilities > Online Ordering System Project > Online Ordering System > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-31338 SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
network
low complexity
online-ordering-system-project CWE-89
7.5
2021-07-22 CVE-2021-25211 Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
network
low complexity
online-ordering-system-project CWE-434
7.5
2021-03-16 CVE-2021-28294 Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
network
low complexity
online-ordering-system-project CWE-434
7.5