| शीर्षक | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| विवरण | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the id parameter and user_id column database is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or parameter vulnerable:
/pizza/admin/ajax.php?action=get_cart_items&id=1
PoC:
id=1'
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| स्रोत | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/06-vul-SQLI.md |
|---|
| उपयोगकर्ता | Fernando Mengali (UID 83791) |
|---|
| सबमिशन | 10/04/2026 09:03 PM (2 महीनों पहले) |
|---|
| संयम | 28/04/2026 07:23 AM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359915 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=get_cart_items पहचान SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|