EUVD-2026-26137
SQL Injection (CWE-89)
2026-04-28
VulDB
2.0
CVSS 4.0
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X
Lifecycle Timeline
8
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM
LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
5.1 (MEDIUM)
2.0 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 28, 2026 - 20:06 vuln.today
CVSS changed
Apr 28, 2026 - 19:52 NVD
4.7 (MEDIUM)
5.1 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26137
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
CVE Published
Apr 28, 2026 - 17:45 nvd
LOW 2.0
DescriptionNVD
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
AnalysisAI
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in the delete_category function (/admin/ajax.php?action=delete_category). The vulnerability requires high-privilege authentication but enables limited confidentiality and integrity impact. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).