PHP Restaurants 1.0 SQL Injection / Cross Site Scripting

Posted on 26 April 2023

PHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.