Submit #804377: sourcecodester Pizzafy Ordering System V1.0 SQL Injectioninfo

Titlesourcecodester Pizzafy Ordering System V1.0 SQL Injection
DescriptionDuring the security review of "Pizzafy Ordering System", a critical SQL injection vulnerability was identified in the /admin/view_order.php file. The vulnerability exists due to the application directly using user-controlled input from the id GET parameter in SQL queries without any sanitization, validation, or parameterized processing. This flaw is exploitable via multiple SQL injection vectors including boolean-based blind, error-based, time-based blind, and UNION query injection. Unauthenticated remote attackers can inject malicious SQL payloads to manipulate database queries, access and extract all data from the backend database, and perform unauthorized database operations.
Source⚠️ https://github.com/nidieaaa/test/issues/7
User
 baiqiuran (UID 97198)
Submission04/14/2026 13:09 (3 months ago)
Moderation04/30/2026 20:54 (16 days later)
StatusDuplicate
VulDB entry360119 [SourceCodester Pizzafy Ecommerce System 1.0 GET Parameter /admin/view_order.php ID sql injection]
Points0

Interested in the pricing of exploits?

See the underground prices here!