| Title | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| Description | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Error-Based)
Severity: HIGH
Status: Unpatched
Description:
An error-based SQL injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System. It occurs because the e-mail parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Vulnerable endpoint or parameter:
POST /pizza/admin/ajax.php?action=login2
PoC:
email=-1' union select 1,2,3,4,5,6,7%23&password=teste
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| Source | https://github.com/fernando-mengali/vulndb-submissions/blob/main/03-vul-SQLI.md |
|---|
| User | Fernando Mengali (UID 83791) |
|---|
| Submitted | 2026-04-10 20:38 (2 months ago) |
|---|
| Moderated | 2026-04-27 17:43 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 359826 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login2 e-mail SQL injection] |
|---|
| Points | 20 |
|---|