Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
9.8
Critical
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Code name
State
Public
Release date
Nov 1, 2023
Affected product
Online Food Ordering System
Vendor
Projectworlds Pvt. Limited
Affected version(s)
Version 1.0
Vulnerability name
Unauthenticated SQL Injections (SQLi)
Vulnerability type
Remotely exploitable
Yes
CVSS v3.0 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 base score
9.8
Exploit available
Yes
Description
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Vulnerabilities
CVE-2023-45323
The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45325
The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45334
The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45336
The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45338
The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45340
The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45341
The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45342
The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45343
The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45344
The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45345
The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45346
The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
CVE-2023-45347
The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
Our security policy
We have reserved the IDs CVE-2023-45323, CVE-2023-45325, CVE-2023-45334, CVE-2023-45336, CVE-2023-45338, CVE-2023-45340, CVE-2023-45341, CVE-2023-45342, CVE-2023-45343, CVE-2023-45344, CVE-2023-45345, CVE-2023-45346 and CVE-2023-45347 to refer to these issues from now on.
System Information
Version: Online Food Ordering System v1.0
Operating System: Any
Mitigation
There is currently no patch available for this vulnerability.
References
Vendor page https://projectworlds.in/
Timeline
Vulnerability discovered
Oct 6, 2023
Vendor contacted
Oct 6, 2023
Public disclosure
Nov 1, 2023
