Projectworlds Online Food Ordering System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Projectworlds Online Food Ordering System.
By the Year
In 2026 there have been 1 vulnerability in Projectworlds Online Food Ordering System with an average score of 7.3 out of ten. Last year, in 2025 Online Food Ordering System had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Online Food Ordering System in 2026 could surpass last years number. Last year, the average CVE base score was greater by 2.50
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.30 |
| 2025 | 2 | 9.80 |
| 2024 | 0 | 0.00 |
| 2023 | 21 | 9.80 |
It may take a day or so for new Online Food Ordering System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Projectworlds Online Food Ordering System Security Vulnerabilities
ProjectWorlds OOS 1.0 SQLi via /view-ticket.php ID
CVE-2026-2136
7.3 - High
- February 08, 2026
A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
SQL Injection
Critical SQLi in projectworlds Order Sys 1.0 via 1_price (admin-page.php)
CVE-2025-4936
9.8 - Critical
- May 19, 2025
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Online Food Ordering System v1.0: SQL Injection in Login
CVE-2024-57328
9.8 - Critical
- January 23, 2025
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
SQL Injection
SQLi in Online Food Ordering System 1.0 via routers/add-item.php 'name' param
CVE-2023-45323
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
CVE-2023-45328: Withdrawn/Rejected CVE ID
CVE-2023-45328
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
SQLi in Online Food Order Sys v1.0 via router.php pass param
CVE-2023-45336
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Unknown CVE Rejection: CVE-2023-45337
CVE-2023-45337
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Unknown CVE-2023-45339 Withdrawn by CVE Authority
CVE-2023-45339
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Online Food Ordering System 1.0 - Unauth SQLi via routers/details-router.php
CVE-2023-45340
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Online Food Ordering System v1.0 Unauth SQLi via *_price in routers/menu-router.php
CVE-2023-45341
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Unauth SQL Injection in Online Food Ordering System v1.0 (register-router.php)
CVE-2023-45342
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
SQL Injection unauth in OFOS v1.0 ticket_id via routers/ticket-message.php
CVE-2023-45343
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Online Food Ordering System v1.0 Unauthenticated SQL Injection in user-router.php
CVE-2023-45344
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
CVE-2023-45324: CVE ID Withdrawn | No Identified Vulnerability
CVE-2023-45324
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
SQLi in Online Food Ordering Sys v1.0 through address param
CVE-2023-45325
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
CVE-2023-45326 Reject: Vendor/Product Unknown
CVE-2023-45326
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-45327 Rejected: No vulnerable product identified
CVE-2023-45327
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-45329: Rejected by CVE Numbering Authority
CVE-2023-45329
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected CVE-2023-45330: No vulnerable component identified
CVE-2023-45330
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-45331: Rejected/Withdrawn ID No Product
CVE-2023-45331
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejection of CVE-2023-45332
CVE-2023-45332
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-45333 Withdrawn: Unknown Component
CVE-2023-45333
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Unauthenticated SQLi in Online Food Ordering System v1.0 - routers/edit-orders.php
CVE-2023-45334
9.8 - Critical
- November 02, 2023
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
CVE-2023-45335 Rejected/Withdrawn by CNA
CVE-2023-45335
- November 02, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Projectworlds Online Food Ordering System or by Projectworlds? Click the Watch button to subscribe.
