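A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. Manipulating the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The CVE record below classifies the issue as CWE-89 and scores it CVSS 3.1 6.3 (Medium) with PR:L, meaning the scoring assumes an attacker holding a low-privileged account; the record lists 1.0 as affected and names no fixed version.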
SourceCodester Pizzafy Ecommerce System index.php category sql injection
Problem type
Affected products
SourceCodester
1.0 - AFFECTED
References
https://vuldb.com/vuln/359916
https://vuldb.com/vuln/359916/cti
https://vuldb.com/submit/802438
https://github.com/fernando-mengali/vulndb-submissions/blob/main/07-vul-SQLI.md
https://www.sourcecodester.com/
GitHub Security Advisories
GHSA-wq8m-pvcj-qpc6
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The...
https://github.com/advisories/GHSA-wq8m-pvcj-qpc6
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
https://nvd.nist.gov/vuln/detail/CVE-2026-7265
https://github.com/fernando-mengali/vulndb-submissions/blob/main/07-vul-SQLI.md
https://vuldb.com/submit/802438
https://vuldb.com/vuln/359916
https://vuldb.com/vuln/359916/cti
https://www.sourcecodester.com
https://github.com/advisories/GHSA-wq8m-pvcj-qpc6
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7265
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7265",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-04-28T10:30:12.948Z",
"dateReserved": "2026-04-28T05:23:17.429Z",
"datePublished": "2026-04-28T10:30:12.948Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-04-28T10:30:12.948Z"
},
"title": "SourceCodester Pizzafy Ecommerce System index.php category sql injection",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
}
],
"affected": [
{
"vendor": "SourceCodester",
"product": "Pizzafy Ecommerce System",
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/359916",
"name": "VDB-359916 | SourceCodester Pizzafy Ecommerce System index.php category sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/359916/cti",
"name": "VDB-359916 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/submit/802438",
"name": "Submit #802438 | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/fernando-mengali/vulndb-submissions/blob/main/07-vul-SQLI.md",
"tags": [
"exploit"
]
},
{
"url": "https://www.sourcecodester.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2026-04-28T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-04-28T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-04-28T07:28:38.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Fernando Mengali (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_freeware"
]
}
}
}