CVE-2023-0902

LOW

Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-0902. PoCs published by Muhammad Navaid Zafar Ansari.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Simple Food Ordering System v1.0 via the 'order' parameter in process_order.php. It includes payloads for verification and cookie theft via Burp Collaborator.

Description

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Muhammad Navaid Zafar Ansari · textwebappsphp
https://www.exploit-db.com/exploits/51292

This exploit demonstrates a reflected XSS vulnerability in Simple Food Ordering System v1.0 via the 'order' parameter in process_order.php. It includes payloads for verification and cookie theft via Burp Collaborator.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Simple Food Ordering System v1.0
Auth required
Prerequisites: Access to a valid user account · User interaction to trigger the payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Muhammad Navaid Zafar Ansari · textwebappsphp
https://www.exploit-db.com/exploits/51287

This exploit demonstrates a SQL Injection vulnerability in Employee Task Management System v1.0 via the 'task_id' parameter in edit-task.php. The PoC includes a crafted HTTP request that extracts database information such as version, database name, and user.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Employee Task Management System v1.0
Auth required
Prerequisites: Admin assigns a task to an employee · Employee access to edit-task.php
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.221451
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.221451

Scores

CVSS v3 3.5
EPSS 0.0269
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
simple_food_ordering_system_project/simple_food_ordering_system 1.0
Published Feb 18, 2023
Tracked Since Feb 18, 2026