A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1.  NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.

Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.

Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.

Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.

Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.

Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).