U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:1.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2024-0247

A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.

Published: January 05, 2024; 2:15:08 PM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-27073

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

Published: March 14, 2023; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2020-29297

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.

Published: January 20, 2023; 2:15:13 PM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-36759

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.

Published: September 01, 2022; 11:15:07 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-29651

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Published: May 25, 2022; 9:15:07 AM -0400 		V4.0:(not available)
 V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-29650

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.

Published: May 25, 2022; 9:15:07 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH