| tiêu đề | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| Mô tả | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. This vulnerability occurs because the e-mail parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or paramter vulnerable:
POST /pizza/admin/ajax.php?action=login
PoC:
username=-1' union select 1,2,database(),version(),5%23&password=password
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
|
|---|
| Nguồn | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/04-vul-SQLI.md |
|---|
| Người dùng | Fernando Mengali (UID 83791) |
|---|
| Đệ trình | 10/04/2026 20:41 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 27/04/2026 17:43 (17 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 359827 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login e-mail Tiêm SQL] |
|---|
| điểm | 20 |
|---|