CVE-2025-2387: SourceCodester Online Food Ordering System ajax.php sql injection
First published: Mon Mar 17 2025(Updated: )
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Online Food Ordering System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2387?
CVE-2025-2387 is classified as a critical vulnerability.
How do I fix CVE-2025-2387?
To fix CVE-2025-2387, validate and sanitize user inputs in the /admin/ajax.php?action=add_to_cart function to prevent SQL injection.
What systems are affected by CVE-2025-2387?
CVE-2025-2387 affects SourceCodester Online Food Ordering System version 2.0.
What type of vulnerability is CVE-2025-2387?
CVE-2025-2387 is an SQL injection vulnerability due to improper handling of the 'pid' argument.
Can CVE-2025-2387 be exploited remotely?
Yes, CVE-2025-2387 can be exploited remotely by sending crafted requests to the affected endpoint.
- agent/references
- agent/title
- agent/description
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/source
- agent/severity
- agent/author
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sourcecodester
- canonical/online food ordering system