Filtered by vendor Carmelo
Subscriptions
Filtered by product Food Ordering Review System
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56280 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | 5.4 Medium |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. | ||||
| CVE-2025-56276 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | 5.4 Medium |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information. | ||||
| CVE-2025-8165 | 2 Carmelo, Code-projects | 2 Food Ordering Review System, Food Review System | 2025-08-05 | 6.3 Medium |
| A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation of the argument occasion leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8018 | 1 Carmelo | 1 Food Ordering Review System | 2025-07-29 | 6.3 Medium |
| A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-7814 | 1 Carmelo | 1 Food Ordering Review System | 2025-07-29 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
Page 1 of 1.