Online Ordering System is a multi-store ordering system that can be used by any small business. version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/viewreport.php page, which could be exploited by an attacker to execute illegal SQL commands to steal sensitive database data.