CVE Details
Basic Information
| Title | code-projects Restaurant Order System payment.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-16T13:00:08.092Z |
| Last Seen |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Restaurant Order System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the Restaurant Order System 1.0, specifically in the payment.php file. This vulnerability is caused by improper handling of the tabidNoti argument, allowing remote attackers to inject malicious SQL code. The issue has been publicly disclosed and could be exploited. |
|---|---|
| AI Severity | High |
| Vendor | code-projects |
| Product | Restaurant Order System |
| Affected Version | 1.0 |
Affected Products
- code-projects Restaurant Order System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.