Submit #803224: SourceCodester Pizzafy Ecommerce System using PHP and MySQL 1.0 SQL Injectioninfo

TitleSourceCodester Pizzafy Ecommerce System using PHP and MySQL 1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in SourceCodester Pizzafy Ecommerce System 1.0 in the login2 action of admin/ajax.php. The email POST parameter is not sanitized before being passed to a MySQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and extract the full database contents including user credentials.
Source⚠️ https://github.com/Xmyronn/SQL-Injection-in-Pizzafy-Ecommerce-System-admin-ajax.php-Unauthenticated-.git
User
 imad alvi (UID 97088)
Submission04/12/2026 22:41 (3 months ago)
Moderation04/29/2026 11:38 (17 days later)
StatusDuplicate
VulDB entry359826 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login2 e-mail sql injection]
Points0

Do you need the next level of professionalism?

Upgrade your account now!