CVE-2026-10704
7.3 HIGHA vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0
Published: 2026-06-03 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-74, CWE-89
Description
A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10704
- [Other]https://github.com/nuiifornet/A033/blob/main/pizzafy-vulnerability.md
- [Other]https://vuldb.com/cve/CVE-2026-10704
- [Other]https://vuldb.com/submit/831321
- [Other]https://vuldb.com/vuln/368017
- [Other]https://vuldb.com/vuln/368017/cti
- [Other]https://www.sourcecodester.com/
Related CVEs
Same CWE
- CVE-2026-48613 — SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migratio... (5.9 MEDIUM)
- CVE-2026-45418 — ClipBucket v5 is an open source video sharing platform (8.8 HIGH)
- CVE-2026-45060 — ClipBucket v5 is an open source video sharing platform (9.8 CRITICAL)
- CVE-2026-42647 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL ... (9.3 CRITICAL)
- CVE-2026-39494 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW a... (9.3 CRITICAL)