| Title | sourcecodester Pizzafy Ecommerce System V1.0 File Upload vulnerability |
|---|
| Description | A critical unrestricted file upload vulnerability exists in Pizzafy Pizza Ordering System v1.0 in admin/admin_class_novo.php via the save_settings() and save_menu() functions. The application fails to validate file types, check file content, limit file size, and stores uploaded files in a publicly accessible directory ( ../assets/img/ ), allowing authenticated attackers with admin privileges to upload malicious PHP files and execute arbitrary code on the server, leading to Remote Code Execution (RCE). |
|---|
| Source | ⚠️ https://github.com/nidieaaa/test/issues/8 |
|---|
| User | baiqiuran (UID 97198) |
|---|
| Submission | 04/14/2026 19:39 (3 months ago) |
|---|
| Moderation | 04/30/2026 21:01 (16 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 360118 [SourceCodester Pizzafy Ecommerce System 1.0 File Extension admin_class_novo.php save_menu img unrestricted upload] |
|---|
| Points | 0 |
|---|