漏洞详情: CVE-2024-6253

漏洞标题
itsourcecode Online Food Ordering System purchase.php sql injection
来源:NVD
Online Food Ordering System和Food Ordering System SQL注入漏洞
来源:CNNVD
漏洞描述
A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269420.
来源:NVD
Online Food Ordering System是Carlo Montero个人开发者的一个在线食品订购系统。 Online Food Ordering System 1.0版本存在SQL注入漏洞,该漏洞源于对参数 customer 的错误操作会导致 sql 注入。
来源:CNNVD
NVD 暂无描述信息
来源:神龙机器人
漏洞评分(CVSS)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
来源:NVD
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
来源:NVD
SQL注入
来源:CNNVD
相关链接