← back
CVE-2023-0906

SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication

CVSS 7.3 HIGHEPSS 0.7%CWE-306
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
SourceCodester · Online Pizza Ordering System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/?ctiid.221455https://vuldb.com/?id.221455