Vulnerability Details CVE-2021-28294
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2021-28294
-
cpe:2.3:a:online_ordering_system_project:online_ordering_system:1.0