Wecodex Restaurant CMS 1.0 has a severe SQL injection vulnerability in its login function, specifically through the username parameter. An unauthenticated attacker can inject malicious SQL code to manipulate database queries, allowing them to extract sensitive database information using blind SQL injection techniques.
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.
Websites using Wecodex Restaurant CMS 1.0 are at high risk of complete database compromise by unauthenticated attackers due to a critical SQL injection vulnerability in the login function.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| wecodex | restaurant_cms | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N