Отправить #802413: SourceCodester Pizzafy Ecommerce System 1.0 SQL InjectionИнформация

НазваниеSourceCodester Pizzafy Ecommerce System 1.0 SQL Injection
ОписаниеTitle: Pizzafy Ecommerce System 1.0 Vulnerability Type: SQL Injection (Based Error) Severity: HIGH Status: Unpatched Description: A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the e-mail parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query. Affected Version: 1.0 Endpoint or paramter vulnerable: POST /pizza/admin/ajax.php?action=login2 PoC: email=-1' union select 1,2,3,4,5,6,7%23&password=teste References: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
Источник⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/03-vul-SQLI.md
Пользователь
 Fernando Mengali (UID 83791)
Представление10.04.2026 20:38 (2 месяцы назад)
Модерация27.04.2026 17:43 (17 days later)
Статуспринято
Запись VulDB359826 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login2 e-mail SQL-инъекция]
Баллы20

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!