← back
CVE-2023-0256

SourceCodester Online Food Ordering System Login Page sql injection

CVSS 6.3 MEDIUMEPSS 0.5%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →