ProjectWorlds Online Food Ordering System 1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*
part: a version: 1.0 update: *
| Vendor | Projectworlds (1c49ba31-3767-5ff6-9610-c6dcb2aee835) |
|---|---|
| Product | Online Food Ordering System (7dc42c4c-ebfd-59b9-bc8a-e8ef8c933e71) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-2136 |
vulnerable | 2026-06-03 15:19:23.578350 |
projectworlds Online Food Ordering System view-ticket.php sql injection
HIGH (7.3)
A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Published: 2026-02-08T05:02:06.716Z
Updated: 2026-02-23T09:38:18.396Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4936 |
vulnerable | 2026-06-03 15:01:48.999541 |
projectworlds Online Food Ordering System admin-page.php sql injection
HIGH (7.3)
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-05-19T14:31:04.591Z
Updated: 2025-05-19T15:21:33.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11604 |
vulnerable | 2026-06-03 14:58:42.755420 |
projectworlds Online Ordering Food System all-orders.php sql injection
HIGH (7.3)
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Published: 2025-10-11T14:02:05.580Z
Updated: 2025-10-17T14:38:05.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-57328 |
vulnerable | 2026-06-03 14:57:50.544677 |
Details available
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
Published: 2025-01-23T00:00:00.000Z
Updated: 2025-01-24T21:16:33.804Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45344 |
vulnerable | 2026-06-03 14:53:07.958140 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:57:07.765Z
Updated: 2024-09-17T13:09:07.695Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45343 |
vulnerable | 2026-06-03 14:53:07.957803 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:59:16.838Z
Updated: 2024-08-02T20:21:16.474Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45342 |
vulnerable | 2026-06-03 14:53:07.957544 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:47:58.195Z
Updated: 2024-08-02T20:21:15.954Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45341 |
vulnerable | 2026-06-03 14:53:07.957241 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:58:33.567Z
Updated: 2025-06-12T14:32:18.454Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45340 |
vulnerable | 2026-06-03 14:53:07.956867 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:38:56.311Z
Updated: 2024-08-02T20:21:16.367Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45336 |
vulnerable | 2026-06-03 14:53:07.954668 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:26:16.010Z
Updated: 2024-08-02T20:21:16.203Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45334 |
vulnerable | 2026-06-03 14:53:07.954347 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:24:51.598Z
Updated: 2024-09-17T13:09:43.134Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45325 |
vulnerable | 2026-06-03 14:53:07.953562 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:12:58.449Z
Updated: 2024-09-17T13:10:39.856Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45323 |
vulnerable | 2026-06-03 14:53:07.952992 |
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CRITICAL (9.8)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-02T13:08:55.439Z
Updated: 2024-09-17T13:11:28.757Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.