| 标题 | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| 描述 | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the SELECT functionality of the Pizzafy Ecommerce System.
This vulnerability occurs because the id parameter and id column is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or parameter vulnerable:
/view_prod.php?id=3
PoC:
view_prod.php?id=3'
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| 来源 | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/09-vul-SQLI.md |
|---|
| 用户 | Fernando Mengali (UID 83791) |
|---|
| 提交 | 2026-04-10 21時19分 (2 月前) |
|---|
| 管理 | 2026-04-28 07時23分 (17 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 359918 [SourceCodester Pizzafy Ecommerce System 1.0 /view_prod.php 标识符 SQL注入] |
|---|
| 积分 | 20 |
|---|