Submission #831321: SourceCodester Pizzafy E-Commerce System 1.0 SQL injection (info)

Title: SourceCodester Pizzafy E-Commerce System 1.0 SQL injection
Description: During the security review of Pizzafy E-Commerce System v1.0, a critical SQL injection vulnerability was discovered in the administrator authentication mechanism. This vulnerability stems from insufficient user input validation of the `username` parameter in the login form, allowing attackers to inject malicious SQL queries. Since this is the gateway to the administrative control panel and requires no prior authentication, exploitation is trivial for any remote attacker.
Source: ⚠️ https://github.com/nuiifornet/A033/blob/main/pizzafy-vulnerability.md
User: Fklov (UID 98102)
Submitted: 2026-05-16 04:03 (19 days ago)
Moderation: 2026-06-02 19:44 (18 days later)
Status: Accepted
VulDB entry: 368017 [SourceCodester Pizzafy E-Commerce System 1.0 Administrative Control Panel admin_class_novo.php login username SQL injection]
Points: 20
