Online Ordering System is a multi-store ordering system that can be used by any small business. an SQL injection vulnerability exists in Online Ordering System version v2.3.2, which originates from /ordering/admin/store/index.php?view=edit&id= Lack of validation of external input SQL statements can be exploited to execute illegal SQL commands to steal sensitive database data.