CVE-2026-16226
Received Received - Intake

Unrestricted File Upload in Pizzafy Ecommerce System

Vulnerability report for CVE-2026-16226, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: VulDB

Description

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_settings of the file /admin/admin_class_novo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester pizzafy_ecommerce_system 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unrestricted file upload flaw in SourceCodester Pizzafy Ecommerce System 1.0. It exists in the save_settings function of /admin/admin_class_novo.php where the img argument can be manipulated to upload malicious files without restrictions.

Detection Guidance

To detect this vulnerability, inspect the /admin/admin_class_novo.php file for unrestricted file upload functionality in the save_settings function. Check for improper validation of the img argument. Look for unexpected file uploads in web-accessible directories.

Impact Analysis

An attacker could exploit this to upload malicious files like PHP scripts, gaining remote code execution on the server. This could lead to full system compromise, data theft, or defacement of the website.

Compliance Impact

This vulnerability could lead to unauthorized access and data breaches, violating GDPR (data protection) and HIPAA (health data security) requirements. Non-compliance may result in legal penalties, fines, and reputational damage.

Mitigation Strategies

Immediately restrict access to the /admin/admin_class_novo.php file. Disable file upload functionality if not required. Update to the latest patched version of Pizzafy Ecommerce System. Monitor network traffic for unusual file uploads or modifications to the img parameter.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16226. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart