| शीर्षक | SourceCodester Pizzafy Ecommerce System using PHP and MySQL 1.0 SQL Injection |
|---|
| विवरण | Unauthenticated SQL Injection exists in the admin login flow of Pizzafy, where the POST username parameter is concatenated directly into a SQL query without parameterized statements. This allows an attacker to alter backend queries and perform unauthorized database enumeration and data extraction, resulting in full compromise of database confidentiality and potential integrity impact. The issue is classified as CWE-89 and should be treated as Critical severity due to the possibility of complete database disclosure. |
|---|
| स्रोत | ⚠️ https://www.notion.so/Pizzafy-Ecommerce-System-using-PHP-and-MySQL-340e7248353d8023b0fcfc199da69d40 |
|---|
| उपयोगकर्ता | himanshuh4cker (UID 96758) |
|---|
| सबमिशन | 12/04/2026 02:58 PM (2 महीनों पहले) |
|---|
| संयम | 28/04/2026 12:26 PM (16 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 359827 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login e-mail SQL इंजेक्शन] |
|---|
| अंक | 0 |
|---|