Online_ordering_system_project Online_ordering_system

21 CVEs affecting Online_ordering_system_project Online_ordering_system. Latest disclosed: 2025-07-17. Critical: 13, High: 7.

Top CVEs affecting Online_ordering_system_project Online_ordering_system
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-31357 | Critical | 9.8 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. |
| CVE-2022-31356 | Critical | 9.8 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. |
| CVE-2022-31355 | Critical | 9.8 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. |
| CVE-2022-31338 | Critical | 9.8 | 2022-06-02 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. |
| CVE-2022-31337 | Critical | 9.8 | 2022-06-02 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. |
| CVE-2022-31336 | Critical | 9.8 | 2022-06-02 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. |
| CVE-2022-31335 | Critical | 9.8 | 2022-06-02 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. |
| CVE-2022-31329 | Critical | 9.8 | 2022-06-02 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. |
| CVE-2022-31328 | Critical | 9.8 | 2022-06-02 | Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. |
| CVE-2022-31327 | Critical | 9.8 | 2022-06-02 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. |
| CVE-2022-30797 | Critical | 9.8 | 2022-06-02 | Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. |
| CVE-2021-25211 | Critical | 9.8 | 2021-07-22 | Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\p… |
| CVE-2021-28294 | Critical | 9.8 | 2021-03-16 | Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution… |
| CVE-2022-36581 | High | 7.5 | 2022-08-31 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. |
| CVE-2021-28295 | High | 7.5 | 2021-03-16 | Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information… |
| CVE-2022-36580 | High | 7.2 | 2022-08-31 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute… |
| CVE-2022-30799 | High | 7.2 | 2022-06-02 | Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. |
| CVE-2022-30798 | High | 7.2 | 2022-06-02 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. |
| CVE-2022-30795 | High | 7.2 | 2022-06-02 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. |
| CVE-2022-30794 | High | 7.2 | 2022-06-02 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. |