Skip to main content

Simple Food Website

3 CVEs product

Monthly

CVE-2022-30015 MEDIUM POC This Month

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Food Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30014 HIGH POC This Week

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Simple Food Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-34166 CRITICAL POC Act Now

A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Food Website
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.9%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Food Website
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Simple Food Website
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Food Website
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy