Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version 2.3.2 is vulnerable to a SQL injection vulnerability that originates in /ordering/index.php?q=products&id=The page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.