| शीर्षक | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| विवरण | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the delete cart functionality of the Pizza Ecommerce System. This vulnerability occurs because the id parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or paramter vulnerable:
/pizza/admin/ajax.php?action=delete_cart
PoC:
-1 OR extractvalue(1,concat(0x7e,database())) --
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
|
|---|
| स्रोत | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/01-vul-SQLI.md |
|---|
| उपयोगकर्ता | Fernando Mengali (UID 83791) |
|---|
| सबमिशन | 10/04/2026 08:26 PM (2 महीनों पहले) |
|---|
| संयम | 27/04/2026 05:43 PM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359824 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=delete_cart पहचान SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|