9.8

Order Up Online Ordering System 1.0 exposes sensitive database data

CVE-2026-24494
Summary

An unauthenticated attacker can read sensitive backend database data by sending a POST request with a crafted store_id parameter to the /api/integrations/getintegrations endpoint. This could reveal sensitive information about your customers or business. To fix this, update to the latest version of the Order Up Online Ordering System or apply the vendor's recommended patch.

Original title
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via...
Original description
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.
nvd CVSS3.1 9.8
Vulnerability type
CWE-89 SQL Injection
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026