Online Ordering System is a multi-store ordering system that can be used by any small business. version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/editproductimage.php page, which could be used by an attacker to exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.