提出 #802465: SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection情報

タイトルSourceCodester Pizzafy Ecommerce System 1.0 SQL Injection
説明Title: Pizzafy Ecommerce System 1.0 Vulnerability Type: SQL Injection (Based Error) Severity: HIGH Status: Unpatched Description: A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the name parameter and name column is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query. Affected Version: 1.0 Endpoint or parameter vulnerable: /pizza/admin/ajax.php?action=save_category PoC: ------WebKitFormBoundaryTgJxQBXajmMnccmX Content-Disposition: form-data; name="name" Pizza' ------WebKitFormBoundaryTgJxQBXajmMnccmX-- References: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
ソース⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/10-vul-SQLI.md
ユーザー
 Fernando Mengali (UID 83791)
送信2026年04月10日 21:28 (2 月 ago)
モデレーション2026年04月28日 07:23 (17 days later)
ステータス承諾済み
VulDBエントリ359919 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_category 名前 SQLインジェクション]
ポイント20

概要

Want to stay up to date on a daily basis?

Enable the mail alert feature now!