CVE-2023-1365

CWE-89SQL InjectionCWE-190Integer OverflowCWE-125Out-of-bounds Read5 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 46.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Pizza Ordering SystemOnline Pizza Ordering System Project Online Pizza Ordering System
Timeline
PublishedMar 13
Latest updateOct 1

Description

A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222872.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-jxqg-p2g2-h68r: A vulnerability was found in SourceCodester Online Pizza Ordering System 12023-03-13
CVEList
SourceCodester Online Pizza Ordering System ajax.php sql injection2023-03-13

📋Vendor Advisories

2
Red Hat
kernel: x86/MCE/AMD: Use an u64 for bank_map2025-10-01
Red Hat
kernel: FS:JFS:UBSAN: array-index-out-of-bounds in dbAdjTree2024-03-06
CVE-2023-1365 (HIGH CVSS 7.5) | A vulnerability was found in Source | cvebase.io