CVE-2023-30092

CRITICAL

Online Pizza Ordering System 1.0 - SQL Injection via QTY Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30092. PoCs published by nawed20002.

AI-analyzed exploit summary This repository provides a detailed writeup and reproduction steps for CVE-2023-30092, an SQL injection vulnerability in the Online Pizza Ordering System 1.0. The vulnerability is located in the QTY parameter of the AJAX.php endpoint, allowing remote attackers to execute arbitrary SQL commands.

Description

SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.

Exploits (1)

nomisec WRITEUP
by nawed20002 · poc
https://github.com/nawed20002/CVE-2023-30092

This repository provides a detailed writeup and reproduction steps for CVE-2023-30092, an SQL injection vulnerability in the Online Pizza Ordering System 1.0. The vulnerability is located in the QTY parameter of the AJAX.php endpoint, allowing remote attackers to execute arbitrary SQL commands.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Online Pizza Ordering System 1.0
No auth needed
Prerequisites: Access to the target application · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0098
EPSS Percentile 57.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
online_pizza_ordering_system_project/online_pizza_ordering_system 1.0
Published May 08, 2023
Tracked Since Feb 18, 2026