Simple Food Ordering System
The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. Configuration changes are recommended as no patch is currently available.
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects unknown processing in the file /addproduct.php. Manipulation of the argument photo results in an unrestricted file upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Cross-site scripting (XSS) in Simple Food Ordering System 1.0 allows remote attackers to inject malicious scripts via unsanitized input parameters (pname, category, price) in the /editproduct.php endpoint. The vulnerability requires user interaction (UI:P) but carries low integrity impact and has publicly available exploit code; the EPSS probability remains minimal (0.03%) despite the public POC, suggesting either limited real-world interest or practical barriers to exploitation.
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Manipulation of the argument photo leads to an unrestricted file upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Stored cross-site scripting (XSS) in Simple Food Ordering System 1.0 allows remote attackers to inject malicious scripts via the cname parameter in /addcategory.php, which are executed in the browsers of users viewing affected content. The vulnerability requires user interaction (UI:P) to exploit but has a public proof-of-concept available. Despite the low CVSS score (2.1) and minimal EPSS percentile (10%), the combination of remote network access and public exploit code necessitates prompt patching to prevent account compromise and session hijacking.
Stored cross-site scripting (XSS) in Simple Food Ordering System 1.0 allows remote attackers to inject malicious scripts through the pname, category, or price parameters in /addproduct.php, requiring user interaction to trigger payload execution. Public exploit code is available, and the vulnerability carries low severity (CVSS 2.1) due to the requirement for user interaction and limited scope of impact.
Reflected cross-site scripting (XSS) in Simple Food Ordering System 1.0 via the pname parameter in /editcategory.php allows remote attackers to inject malicious JavaScript that executes in users' browsers with minimal user interaction. The vulnerability requires user interaction (clicking a malicious link) but has low technical complexity and publicly available exploit code, though active exploitation remains unconfirmed and real-world impact is limited by the low EPSS score of 0.03% despite public POC availability.
SQL injection in Simple Food Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the cname parameter in /addcategory.php, compromising data confidentiality and integrity. The vulnerability has publicly available exploit code and is confirmed to have limited scope impact (affecting only data confidentiality, integrity, and availability of specific queries); however, EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation likelihood despite public availability of proof-of-concept code.
SQL injection in Simple Food Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Category parameter in /addproduct.php. The vulnerability has low practical risk despite public exploit availability, given its CVSS 2.1 score and minimal confidentiality/integrity impact, and it requires prior authentication. The EPSS exploitation probability is extremely low (0.03%), suggesting limited real-world attack interest despite public POC availability.
SQL injection in Simple Food Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Category parameter in /editproduct.php, with publicly available exploit code demonstrating the vulnerability. Despite a low CVSS score of 2.1, the vulnerability requires valid credentials and produces limited confidentiality impact, explaining the minimal EPSS exploitation probability of 0.03%.
SQL injection in Simple Food Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the cname parameter in editcategory.php, resulting in limited confidentiality and integrity impact. Publicly available exploit code exists; however, the EPSS score of 0.03% indicates minimal real-world exploitation probability despite remote network accessibility and low attack complexity.
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Manipulation of the argument Category leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
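The entries above describe three recurring weakness classes in the same PHP application: request parameters spliced into SQL (Category, cname), an uploaded file accepted under a client-chosen name (photo), and stored values rendered back unencoded (pname, category, price). The following is an added, hypothetical hardening example for an "add product" style handler; it is not code from the Simple Food Ordering System project, and the PDO connection, the products table columns, the UPLOAD_DIR path and the size limit are all assumptions.

```php
<?php
// Added hardening example, not the project's own code.
// Assumptions: a PDO connection $pdo, a products table with columns
// pname, category, price, photo, and an uploads directory outside the web root.

declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads';      // assumed path; not served directly
const MAX_PHOTO_BYTES = 2 * 1024 * 1024;    // assumed 2 MiB limit
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function validatePhoto(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_PHOTO_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the file bytes, never from the client-supplied name or MIME.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime])) {
        throw new RuntimeException('unsupported image type');
    }
    // Server-generated name: the original filename and its extension are discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

function addProduct(PDO $pdo, array $post, array $files): void
{
    $pname    = trim((string)($post['pname'] ?? ''));
    $category = trim((string)($post['category'] ?? ''));
    $price    = filter_var($post['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($pname === '' || $category === '' || $price === false || $price < 0) {
        throw new InvalidArgumentException('invalid product fields');
    }
    $photo = validatePhoto($files['photo'] ?? []);

    // Prepared statement: input is bound as data and never concatenated into SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO products (pname, category, price, photo) VALUES (:pname, :category, :price, :photo)'
    );
    $stmt->execute([
        ':pname' => $pname, ':category' => $category, ':price' => $price, ':photo' => $photo,
    ]);
}

// Output side: encode at render time so stored values cannot execute as script.
function renderField(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

Keeping uploads (and, for the backup handler entry above, database backup files) in a directory that the web server does not serve is the configuration change that removes the direct-download risk even before a code fix is available; the server-generated filename additionally prevents an uploaded file from being addressed by a name the client chose.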