Submit #804863: sourcecodester Pizzafy Ecommerce System V1.0 File Upload vulnerabilityinfo

Titlesourcecodester Pizzafy Ecommerce System V1.0 File Upload vulnerability
DescriptionA critical unrestricted file upload vulnerability exists in Pizzafy Pizza Ordering System v1.0 in admin/admin_class_novo.php via the save_settings() and save_menu() functions. The application fails to validate file types, check file content, limit file size, and stores uploaded files in a publicly accessible directory ( ../assets/img/ ), allowing authenticated attackers with admin privileges to upload malicious PHP files and execute arbitrary code on the server, leading to Remote Code Execution (RCE).
Source⚠️ https://github.com/nidieaaa/test/issues/8
User
 baiqiuran (UID 97198)
Submission04/14/2026 19:39 (3 months ago)
Moderation04/30/2026 21:01 (16 days later)
StatusDuplicate
VulDB entry360118 [SourceCodester Pizzafy Ecommerce System 1.0 File Extension admin_class_novo.php save_menu img unrestricted upload]
Points0

Do you need the next level of professionalism?

Upgrade your account now!