CVE-2026-7410
SQL Injection in SourceCodester Pizzafy Ecommerce System
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | pizzafy_ecommerce_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SourceCodester Pizzafy Ecommerce System 1.0, specifically in the file /admin/ajax.php with the action add_to_cart. It is caused by manipulation of the argument 'pid', which leads to an SQL injection vulnerability. This means that an attacker can inject malicious SQL code through the 'pid' parameter.
The attack can be initiated remotely, and the exploit has already been publicly disclosed, making it potentially easy for attackers to use.
How can this vulnerability impact me? :
The SQL injection vulnerability can allow an attacker to manipulate the database queries executed by the application. This can lead to unauthorized access to sensitive data, data modification, or even deletion.
Since the attack can be performed remotely, it increases the risk of exploitation without requiring physical access to the system.
The CVSS v3.1 score of 6.3 indicates a medium severity impact, meaning the vulnerability can cause limited confidentiality, integrity, and availability impacts.
Can you explain this vulnerability to me?
CVE-2026-7410 is a SQL Injection vulnerability found in the Pizzafy Ecommerce System 1.0, specifically in the /pizza/admin/ajax.php?action=add_to_cart endpoint.
The vulnerability occurs because the pid parameter in the POST request is not properly sanitized or validated before being used in SQL queries. This allows an attacker to inject malicious SQL code.
Exploiting this vulnerability can enable attackers to enumerate database tables, extract sensitive information such as usernames and password hashes, modify or delete records, and escalate privileges by accessing session-related data.
The root cause is the direct interpolation of user input into SQL queries without using prepared statements or parameterized inputs.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in SourceCodester Pizzafy Ecommerce System 1.0 allows attackers to extract sensitive data such as usernames and password hashes, modify or delete records, and escalate privileges by accessing session-related data.
Such unauthorized access and potential data breaches can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.
Failure to properly secure user data and prevent unauthorized access may result in violations of these regulations, potentially causing legal and financial consequences for affected organizations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /pizza/admin/ajax.php?action=add_to_cart endpoint for SQL injection via the pid parameter in POST requests.
A common detection method is to send specially crafted SQL injection payloads in the pid parameter and observe the response for database errors or unusual behavior.
- Use curl to send a POST request with an SQL injection payload, for example: curl -X POST -d "pid=1' AND extractvalue(1,concat(0x7e,(SELECT database()),0x7e))-- -" http://target/pizza/admin/ajax.php?action=add_to_cart
- Monitor responses for SQL error messages or unexpected output indicating injection success.
- Use automated vulnerability scanners that support SQL injection detection targeting the pid parameter on the specified endpoint.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves fixing the SQL injection vulnerability by replacing direct SQL queries with prepared statements using parameterized inputs.
Ensure proper sanitization and validation of the pid parameter to prevent malicious input from being executed as SQL.
- Apply the provided fix that uses prepared statements to safely handle the pid parameter.
- Restrict access to the /pizza/admin/ajax.php?action=add_to_cart endpoint to trusted users or IP addresses if possible.
- Monitor logs for suspicious activity related to the add_to_cart action.
- Update the system to the latest patched version once available.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive data stored in the database, such as user credentials.
Attackers can modify or delete important data, potentially disrupting the ecommerce system's operations.
Privilege escalation through session data access can allow attackers to perform actions as legitimate users or administrators.
Overall, it can lead to data breaches, loss of customer trust, financial loss, and damage to the reputation of the affected organization.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted POST requests to the /pizza/admin/ajax.php?action=add_to_cart endpoint, targeting the pid parameter to test for SQL injection.
A common detection method involves injecting SQL syntax into the pid parameter and observing error messages or unusual responses that indicate SQL query manipulation.
For example, you can use curl to send a test request that attempts to trigger a database error using the extractvalue function:
- curl -X POST -d "pid=1' and extractvalue(1,concat(0x7e,(select database()),0x7e))-- -" http://<target>/pizza/admin/ajax.php?action=add_to_cart
If the response contains database error messages or reveals database names, it confirms the presence of the SQL injection vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply proper input sanitization and use prepared statements with parameterized queries for the pid parameter in the /pizza/admin/ajax.php?action=add_to_cart endpoint.
Replacing direct interpolation of user input in SQL queries with parameterized inputs prevents SQL injection attacks.
Until a patch or fix is applied, consider restricting access to the vulnerable endpoint to trusted users only, and monitor logs for suspicious POST requests targeting the pid parameter.
Additionally, review and update web application firewall (WAF) rules to detect and block SQL injection patterns targeting this endpoint.