Skip to main content

Pizzafy E Commerce System

1 CVEs product

Monthly

CVE-2026-14713 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy E-Commerce System 1.0 exposes the application to unauthenticated remote database compromise via the `id` parameter in `/admin/ajax.php?action=confirm_order`. The CVSS 4.0 vector (PR:N) indicates the vulnerable admin endpoint is reachable without authentication, compounding the severity of the unsanitized input. A publicly available exploit exists on GitHub, though the product is not listed in the CISA KEV catalog and has a very limited production deployment footprint.

SQLi PHP Pizzafy E Commerce System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy E-Commerce System 1.0 exposes the application to unauthenticated remote database compromise via the `id` parameter in `/admin/ajax.php?action=confirm_order`. The CVSS 4.0 vector (PR:N) indicates the vulnerable admin endpoint is reachable without authentication, compounding the severity of the unsanitized input. A publicly available exploit exists on GitHub, though the product is not listed in the CISA KEV catalog and has a very limited production deployment footprint.

SQLi PHP Pizzafy E Commerce System
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy