CVE Details
Basic Information
| Title | code-projects Simple Pizza Ordering System salesreport.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-22T14:00:16.245Z |
| Last Seen |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Simple Pizza Ordering System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability was discovered in the Simple Pizza Ordering System 1.0. This vulnerability allows remote attackers to inject malicious SQL code via the ‘dayfrom’ argument in the salesreport.php file, potentially leading to unauthorized data access and manipulation. |
|---|---|
| AI Severity | High |
| Vendor | code-projects |
| Product | Simple Pizza Ordering System |
| Affected Version | 1.0 |
Affected Products
- code-projects Simple Pizza Ordering System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.php. The manipulation of the argument dayfrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.