CVE Details
Basic Information
| Title | code-projects Online Ordering System product.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-27T16:02:06.108Z |
| Modified | 2025-07-27T16:02:06.108Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Online Ordering System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability in code-projects Online Ordering System version 1.0 allows remote attackers to inject malicious SQL code via the Name argument in product.php. This could lead to unauthorized data access or modification. The CVSS score of 6.9 indicates a medium severity level. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Online Ordering System |
| AI Version | 1.0 |
Affected Products
- code-projects Online Ordering System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.