CVE-2023-45342 CRITICAL

CVE-2023-45342: Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Vendor Projectworlds Pvt. Limited
Product Online Food Ordering System
Weakness CWE-89 · SQLi
Published November 2, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Key dates

02Disclosure timeline

November 2, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-37083 addressbook 9.0.0.1 - 'id' SQL Injection CVE-2025-30589 WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability CVE-2024-9039 SourceCodester Best House Rental Management System ajax.php sql injection CVE-2025-13495 FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection