CVE Details
Basic Information
| Title | code-projects Online Ordering System signup.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-28T00:02:06.348Z |
| Modified | 2025-07-28T00:02:06.348Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Online Ordering System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in the signup feature of code-projects Online Ordering System version 1.0, allowing remote attackers to inject malicious SQL code through the ‘firstname’ parameter. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Online Ordering System |
| AI Version | 1.0 |
Affected Products
- code-projects Online Ordering System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.