| 제목 | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| 설명 | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System.
This vulnerability occurs because the name parameter and name column is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or parameter vulnerable: /pizza/admin/ajax.php?action=save_category
PoC:
------WebKitFormBoundaryTgJxQBXajmMnccmX
Content-Disposition: form-data; name="name"
Pizza'
------WebKitFormBoundaryTgJxQBXajmMnccmX--
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| 원천 | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/10-vul-SQLI.md |
|---|
| 사용자 | Fernando Mengali (UID 83791) |
|---|
| 제출 | 2026. 04. 10. PM 09:28 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 28. AM 07:23 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359919 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_category 이름 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|