Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL injection vulnerability in Order Up Online Ordering System
Vulnerability Description
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Online Ordering System 安全漏洞
Vulnerability Description
Online Ordering System是janobe个人开发者的一个多商店订购系统。可用于任何小型企业。 Online Ordering System 1.0版本存在安全漏洞,该漏洞源于/api/integrations/getintegrations端点存在SQL注入,可能导致未经验证的攻击者通过特制的store_id参数访问敏感的后端数据库数据。
CVSS Information
N/A
Vulnerability Type
N/A