CVE-2023-0906
HIGHOnline Pizza Ordering System 1.0 - Missing Authentication in POST Parameter Handler
Title source: llmDescription
A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.
References (2)
Core 2
Core References
Permissions Required vdb-entry
technical-description
https://vuldb.com/?id.221455
Permissions Required signature
https://vuldb.com/?ctiid.221455
Scores
CVSS v3
7.3
EPSS
0.0066
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-306
Status
published
Products (1)
online_pizza_ordering_system_project/online_pizza_ordering_system
1.0
Published
Feb 18, 2023
Tracked Since
Feb 18, 2026