CVE-2026-7225
SQL Injection in SourceCodester Pizzafy delete_menu Function
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | pizzafy_ecommerce_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7225 is a critical Error-Based SQL Injection vulnerability found in the Pizzafy Ecommerce System version 1.0. It affects the delete_menu function in the /admin/ajax.php?action=delete_menu endpoint. The vulnerability occurs because the id parameter used in the SQL DELETE query is not properly sanitized, allowing attackers to inject malicious SQL commands.
This means an attacker can manipulate the id argument to execute arbitrary SQL code on the database. For example, they can use specially crafted input to cause the database to reveal sensitive information through error messages.
- Vulnerability Type: Error-Based SQL Injection (CWE-89)
- Affected Version: Pizzafy Ecommerce System 1.0
- Vulnerable Endpoint: /pizzafy/admin/ajax.php?action=delete_menu
- Cause: Lack of input sanitization on the id parameter
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Sanitize and validate the `id` parameter by casting it to an integer and ensuring it is positive before use.
- Use prepared statements with parameterized queries to prevent SQL injection attacks.
- Restrict database user privileges to minimize potential damage from exploitation.
- Implement proper error handling to avoid exposing database error messages to users.
- Conduct regular security testing, including penetration testing and code reviews, and monitor logs for unusual database access patterns.
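As an added illustration (not Pizzafy's own code), here is a hypothetical `delete_menu` handler written in the unsafe style the advisory describes, beside a hardened version that applies the first, second and fourth mitigations above: integer validation, a parameterized `mysqli` statement, and server-side-only error logging. The `mysqli` connection and the table and column names are assumptions.

```php
<?php
// Hypothetical reconstruction for illustration; not the project's code.
// Table name "menu_list" and column "id" are assumed.

// Unsafe pattern: the raw "id" value is concatenated into the DELETE
// statement, so whatever the client sends is parsed as SQL, and the
// driver's error text is echoed straight back to the client.
function delete_menu_vulnerable(mysqli $db, array $post): string {
    $id  = $post['id'] ?? '';
    $sql = "DELETE FROM menu_list WHERE id = " . $id;
    if (!$db->query($sql)) {
        return "Error: " . $db->error;   // leaks database errors to the caller
    }
    return "1";
}

// Hardened pattern: reject anything that is not a positive integer, bind
// the value as a typed parameter so it can only ever be data, and keep
// driver errors in the server log instead of the HTTP response.
function delete_menu_hardened(mysqli $db, array $post): string {
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);         // malformed id: refuse, do not query
        return "0";
    }
    $stmt = $db->prepare("DELETE FROM menu_list WHERE id = ?");
    if ($stmt === false) {
        error_log("delete_menu prepare failed: " . $db->error);
        http_response_code(500);
        return "0";
    }
    $stmt->bind_param("i", $id);         // "i" forces an integer binding
    $ok = $stmt->execute();
    if (!$ok) {
        error_log("delete_menu execute failed: " . $stmt->error);
        http_response_code(500);
    }
    $stmt->close();
    return $ok ? "1" : "0";
}
```

Pair the hardened handler with a database account that holds only the privileges the admin panel needs (the third mitigation), so that even a future injection elsewhere cannot read or drop unrelated tables.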
How can this vulnerability impact me?
This vulnerability can have several serious impacts on the affected system and its users.
- Confidentiality: Attackers can extract sensitive information such as the full database schema and user credentials by exploiting error messages.
- Integrity: Unauthorized deletion or modification of records is possible, compromising data integrity.
- Availability: Attackers could cause mass deletion of data, potentially leading to denial of service.
- Privilege Escalation: Attackers may hijack sessions or gain administrative access by extracting session data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the vulnerable endpoint `/pizzafy/admin/ajax.php?action=delete_menu` with malicious payloads in the `id` parameter to observe if SQL error messages or database information are returned.
For example, a test command using curl could be:

```bash
curl -X POST -d "id=-2 OR extractvalue(1,concat(0x7e,database())) -- " https://targetsite.com/pizzafy/admin/ajax.php?action=delete_menu
```
If the response contains database error messages or reveals the database name, it indicates the presence of the SQL injection vulnerability.
Additionally, monitoring logs for unusual database errors or unexpected queries involving the `id` parameter can help detect exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This SQL injection vulnerability in the Pizzafy Ecommerce System 1.0 can lead to unauthorized exposure of sensitive data, including full database schema and user credentials, as well as unauthorized modification or deletion of records.
Such exposure and unauthorized access can result in violations of data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive information against unauthorized access and breaches.
Therefore, exploitation of this vulnerability could compromise compliance with these standards by risking confidentiality, integrity, and availability of protected data.