CVE-2025-4936

MEDIUM Year: 2025
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2015-8800

HIGH
CVSS:7.3(High)

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical Sy...

CWE-742015

CVE-2017-20197

MEDIUM
CVSS:7.3(High)

A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /i...

CWE-742017

CVE-2018-20914

HIGH
CVSS:7.3(High)

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

CWE-742018

CVE-2020-15255

HIGH
CVSS:7.3(High)

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example...

CWE-742020

CVE-2021-0553

HIGH
CVSS:7.3(High)

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges...

CWE-742021

CVE-2021-27614

HIGH
CVSS:7.3(High)

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application....

CWE-742021