Online Food Ordering System is an online food ordering system. an SQL injection vulnerability exists in Online Food Ordering System, which originates from the missing Username parameter in the file /fos/admin/ajax.php? action = login on the componentβs login page. validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data.