CVE-2020-29297: SQL Injection Vulnerabilities · Issue #1 · tourist5/Online-food-ordering-system
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.
Hi,
You have lots of SQL injection vulnerabilities. You can write your code with parameterized queries for mitigation of SQL injection.
Example-1:
https://github.com/tourist5/Online-food-ordering-system/blob/main/all-tickets.php
if(isset($_GET['status'])){
    $status = $_GET['status']; // taken straight from the query string, no validation
}
else{
    $status = '%';
}
// $status is interpolated into the SQL string unescaped
$sql = mysqli_query($con, "SELECT * FROM comments WHERE status LIKE '$status';");
You can exploit the $status parameter.
Example-2:
https://github.com/tourist5/Online-food-ordering-system/blob/main/view-ticket.php
You can exploit the $id parameter.
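The parameterized rewrite the report asks for, as an added example for both files above (this is not code from the tourist5 project or from the issue author). It assumes $con is an open mysqli connection, as in the project's files, that the mysqlnd driver is present for mysqli_stmt_get_result(), and, since view-ticket.php's query is not quoted in the issue, a hypothetical tickets table with an integer id column.

```php
<?php
// Added example, not code from the tourist5 project. Hardened versions of the
// two queries flagged in this issue, using mysqli prepared statements so that
// user input is bound as data and is never parsed as part of the SQL text.
// Assumes $con is an open mysqli connection (as in the project's files) and
// that the mysqlnd driver is available for mysqli_stmt_get_result().

// all-tickets.php: the status filter. A missing parameter keeps the original
// '%' "match everything" default; any supplied value is bound as a string.
function fetch_comments_by_status(mysqli $con, ?string $status): array
{
    if ($status === null) {
        $status = '%';
    }

    $stmt = mysqli_prepare($con, "SELECT * FROM comments WHERE status LIKE ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 's', $status);   // 's' = bind as string
    mysqli_stmt_execute($stmt);

    $rows = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
}

// view-ticket.php: the ticket lookup. The table name "tickets" is an
// assumption (the original query is not quoted in this issue); the point is
// that $id is validated as an integer and bound with 'i'.
function fetch_ticket_by_id(mysqli $con, $id): ?array
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                               // rejects "1 OR 1=1" style input
    }

    $stmt = mysqli_prepare($con, "SELECT * FROM tickets WHERE id = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);       // 'i' = bind as integer
    mysqli_stmt_execute($stmt);

    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Usage, mirroring the original request handling in the two files:
$comments = fetch_comments_by_status($con, $_GET['status'] ?? null);
$ticket   = fetch_ticket_by_id($con, $_GET['id'] ?? null);
```

Binding the value closes the injection, but LIKE still honours % and _ supplied by the user, so a caller can still list every comment by sending status=%. If status is meant to be one of a fixed set of values, compare with = or check the input against an allowlist before running the query.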