Submit #803171: SourceCodester Pizzafy Ecommerce System 1.0 SQL Injectioninfo

TitleSourceCodester Pizzafy Ecommerce System 1.0 SQL Injection
DescriptionVulnerability Type: Cross-Site Scripting (XSS) – Stored - Category Affected Product: Pizzafy Ecommerce System 1.0 Download: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html Vulnerable Endpoint: POST /pizzafy/admin/ajax.php?action=save_category Vulnerable Parameter: ------WebKitFormBoundaryKFUizOF0ZObYPAKg Content-Disposition: form-data; name="name" <script>alert(document.cookie)</script> Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the application. User-supplied input is not properly sanitized or encoded before being stored and later rendered in the browser. An attacker can inject malicious JavaScript code into a persistent field (such as name, description, or comments). When other users access the affected page, the injected script is executed in their browser context. This allows attackers to perform actions such as session hijacking, credential theft, or unauthorized actions on behalf of the victim..
Source⚠️ https://github.com/joaodrmmd/VulDB-Reports/blob/main/XSS%20-%20Categoria.pdf
User
 r3du (UID 97257)
Submission04/12/2026 18:52 (3 months ago)
Moderation04/28/2026 12:26 (16 days later)
StatusDuplicate
VulDB entry359919 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_category Name sql injection]
Points0

Might our Artificial Intelligence support you?

Check our Alexa App!