CVE-2026-7265
SQL Injection in SourceCodester Pizzafy Category Function
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | pizzafy_ecommerce_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7265 is a critical SQL Injection vulnerability found in the SourceCodester Pizzafy Ecommerce System version 1.0. It occurs in the function handling the 'id' parameter in the pizza/index.php?page=category endpoint. The application fails to properly sanitize or validate this 'id' parameter before using it directly in a SQL query. This allows an attacker to inject malicious SQL code.
By exploiting this flaw, attackers can manipulate the SQL query to extract sensitive information such as database names, table names, column structures, usernames, and password hashes. They can also modify or delete data, escalate privileges by hijacking sessions, and cause denial of service by mass deletions.
The vulnerability arises because the code directly inserts the 'id' parameter into the SQL statement without validation or parameterization, making it vulnerable to error-based SQL injection attacks.
How can this vulnerability impact me? :
This vulnerability can have several serious impacts:
- Confidentiality breach: Attackers can extract the full database schema and sensitive user credentials.
- Integrity compromise: Unauthorized modification or deletion of records in the database.
- Availability disruption: Potential denial of service caused by mass deletions or other destructive actions.
- Privilege escalation: Attackers can hijack sessions and gain administrative access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable endpoint for SQL injection by manipulating the 'id' parameter in the URL and observing the responses or error messages.
An example of a command to test this vulnerability is to send a crafted HTTP request to the vulnerable URL with a payload that triggers an SQL error, such as:
- curl "http://localhost/pizzafy/index.php?page=category&id=7 AND extractvalue(1, concat(0x7e, (SELECT table_name FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1))) -- "
This command attempts to exploit the SQL injection by forcing the database to return table names within error messages, which indicates the presence of the vulnerability.
Additional detection methods include monitoring logs for suspicious queries or error messages related to the 'id' parameter and using automated vulnerability scanners that test for SQL injection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Implement strict input validation and sanitize the 'id' parameter to ensure it only accepts valid integers.
- Use prepared statements with parameterized queries to prevent SQL injection, for example:
- ```php $cid = isset($_GET['id']) ? (int)$_GET['id'] : 0; if (empty($cid) || $cid <= 0) { throw new ErrorException("Error: This page requires a valid category ID."); } $stmt = $conn->prepare("SELECT * FROM category_list WHERE id = ?"); $stmt->bind_param("i", $cid); $stmt->execute(); $category_qry = $stmt->get_result(); ```
- Restrict database user privileges to minimize potential damage if exploited.
- Avoid exposing detailed database error messages to end users to prevent information leakage.
- Implement monitoring and logging to detect suspicious activities related to SQL injection attempts.
- Conduct regular security testing and code reviews to identify and fix similar vulnerabilities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This SQL injection vulnerability in the Pizzafy Ecommerce System allows attackers to extract sensitive database information, including user credentials and database schema, and to manipulate or delete data. Such unauthorized access and data breaches can lead to violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.
Specifically, the confidentiality breach and integrity compromise caused by this vulnerability could result in exposure of personal data, unauthorized data modification, and potential denial of service, all of which undermine compliance with these standards. Organizations using the affected system may fail to meet requirements for data security, breach notification, and risk management.
Mitigation measures such as input validation, use of prepared statements, restricting database privileges, and monitoring are essential to reduce the risk and help maintain compliance.