Submit #802437: SourceCodester Pizzafy Ecommerce System 1.0 SQL Injectioninfo

TitleSourceCodester Pizzafy Ecommerce System 1.0 SQL Injection
DescriptionTitle: Pizzafy Ecommerce System 1.0 Vulnerability Type: SQL Injection (Based Error) Severity: HIGH Status: Unpatched Description: A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the id parameter and user_id column database is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query. Affected Version: 1.0 Endpoint or parameter vulnerable: /pizza/admin/ajax.php?action=get_cart_items&id=1 PoC: id=1' References: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
Source⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/06-vul-SQLI.md
User
 Fernando Mengali (UID 83791)
Submission04/10/2026 21:03 (3 months ago)
Moderation04/28/2026 07:23 (17 days later)
StatusAccepted
VulDB entry359915 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=get_cart_items ID sql injection]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!