Is there a public PoC exploit available for CVE-2026-7266?

Yes, a public proof-of-concept exploit is available for CVE-2026-7266. Prioritise patching immediately. EPSS: 0.0%.

SourceCodester Pizzafy Ecommerce System CVE-2026-7266

Q: What is the CVSS score of CVE-2026-7266?

CVE-2026-7266 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26032 LOW

SQL Injection (CWE-89)

2026-04-28 VulDB

PHP SQLi

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 28, 2026 - 12:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 28, 2026 - 12:00 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 11:45 euvd

EUVD-2026-26032

Analysis Generated

Apr 28, 2026 - 11:45 vuln.today

CVE Published

Apr 28, 2026 - 10:45 nvd

LOW 2.1

DescriptionNVD

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

AnalysisAI

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in the save_order function at /admin/ajax.php?action=save_order, potentially enabling data exfiltration, modification, or deletion. Publicly available exploit code exists and the vulnerability carries a CVSS score of 6.3 with low complexity, indicating moderate real-world risk despite requiring login credentials.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7266 vulnerability details – vuln.today

Back