Oretnom23 Online_food_ordering_system
29 CVEs affecting Oretnom23 Online_food_ordering_system. Latest disclosed: 2026-03-27. Critical: 9, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-30533 | Critical | 9.8 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. |
| CVE-2026-30532 | Critical | 9.8 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. |
| CVE-2026-30530 | Critical | 9.8 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The ap… |
| CVE-2023-30122 | Critical | 9.8 | 2023-05-05 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitr… |
| CVE-2023-24646 | Critical | 9.8 | 2023-02-13 | An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a craft… |
| CVE-2020-29297 | Critical | 9.8 | 2023-01-20 | Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. |
| CVE-2022-36759 | Critical | 9.8 | 2022-09-02 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. |
| CVE-2022-29650 | Critical | 9.8 | 2022-05-25 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. |
| CVE-2021-41644 | Critical | 9.8 | 2021-10-29 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image up… |
| CVE-2026-30531 | High | 8.8 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The ap… |
| CVE-2026-30529 | High | 8.8 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The applic… |
| CVE-2026-30534 | High | 8.3 | 2026-03-27 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. |
| CVE-2023-24647 | High | 7.5 | 2023-02-13 | Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. |
| CVE-2025-2387 | High | 7.3 | 2025-03-17 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /a… |
| CVE-2024-0247 | High | 7.3 | 2024-01-05 | A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of t… |
| CVE-2023-1432 | High | 7.3 | 2023-03-16 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of… |
| CVE-2023-0332 | High | 7.3 | 2023-01-17 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file ad… |
| CVE-2022-29651 | High | 7.2 | 2022-05-25 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafte… |
| CVE-2023-27073 | Medium | 6.5 | 2023-03-14 | A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. |
| CVE-2023-0256 | Medium | 6.3 | 2023-01-12 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /f… |