CVE-2026-7407 | SourceCodester Pizzafy Ecommerce System 1.0 Setting ajax.php?action=save_settings sql injection

Inserito da Angelo Barbosa | Apr 29, 2026 | CVE

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0 and classified as critical. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection.

This vulnerability is referenced as CVE-2026-7407. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-7407 | SourceCodester Pizzafy Ecommerce System 1.0 Setting ajax.php?action=save_settings sql injection

Post correlati

CVE-2024-30880 | RageFrame2 2.6.43 Image Crop cross site scripting (Issue 114)

CVE-2024-34543 | Intel RAID Web Console See references access control (intel-sa-00926)

CVE-2025-25901 | TP-LINK TL-WR841ND V11 Packet WanSlaacCfgRpm.htm dnsserver1/dnsserver2 denial of service

CVE-2026-31018 | Dolibarr ERP CRM up to 22.0.4 Website code injection