| タイトル | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| 説明 | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the delete functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the id parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or paramter vulnerable:
/pizza/admin/ajax.php?action=delete_menu
PoC:
id=1'
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| ソース | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/02-vul-SQLI.md |
|---|
| ユーザー | Fernando Mengali (UID 83791) |
|---|
| 送信 | 2026年04月10日 20:32 (2 月 ago) |
|---|
| モデレーション | 2026年04月27日 17:43 (17 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 359825 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=delete_menu 識別子 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|