Description
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. It affects an unknown function of the file /view_prod.php. Manipulating the ID argument causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be used.
Published: 2026-04-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection via view_prod.php
Action: Patch Immediately
AI Analysis

Impact

A flaw in the SourceCodester Pizzafy Ecommerce System 1.0 allows a remote attacker to manipulate the ID argument in the /view_prod.php page, resulting in SQL injection. The vulnerability is classified as a form of input validation weakness and an injection flaw, as indicated by the CWE identifiers. An attacker can craft malicious SQL statements that the application will execute, potentially leading to data exposure, tampering, or unauthorized database operations.

Affected Systems

The affected product is SourceCodester Pizzafy Ecommerce System version 1.0. No additional sub‑components are listed; the vulnerability resides in the view_prod.php file of this version.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity. The EPSS score is not available, so the likelihood of exploitation in the wild cannot be quantified from the data. The vulnerability is not listed in the CISA KEV catalog. Because the attack can be performed remotely by altering an HTTP GET or POST parameter, an attacker with network access to the web server could potentially inject SQL commands and compromise the underlying database.

Generated by OpenCVE AI on April 28, 2026 at 12:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SourceCodester Pizzafy Ecommerce System to the latest patched version or replace the vulnerable "view_prod.php" file with a secured version that uses parameterized queries.
  • Sanitize and validate all user-supplied parameters, especially the ID argument, before they are embedded in SQL statements.
  • Implement a web application firewall or equivalent input filtering to detect and block SQL injection attempts on incoming requests.
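
The first two recommendations (parameterized queries plus validation of the ID argument) are sketched below as an added example; it is not code from Pizzafy or from this advisory. The function name find_product, the products table and its columns are assumptions, and an in-memory SQLite database with constructed rows stands in for the application's real database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the real view_prod.php source is not shown in this
// advisory. The table and column names below are assumptions.
function find_product(PDO $db, $rawId): ?array
{
    // Allow-list validation: accept only a positive integer. Anything else
    // (quotes, operators, arrays, empty values) is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Parameterized query: the value is bound as data and is never
    // concatenated into the statement text.
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$db->exec("INSERT INTO products (name, price) VALUES ('Margherita', 8.5), ('Pepperoni', 9.75)");

// Constructed inputs: one valid ID, one unknown ID, then values to reject.
foreach (['2', '99', '2 OR 1=1', "1'", '', ['2']] as $input) {
    $product = find_product($db, $input);
    printf(
        "%-12s => %s\n",
        json_encode($input),
        $product !== null ? $product['name'] : 'rejected or not found'
    );
}
```

In a request handler the same function would be called with the raw request value (for example `$_GET['id'] ?? null`, assuming the parameter is named id), and a null result would map to an error response rather than a query.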


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester pizzafy Ecommerce System
Vendors & Products | | Sourcecodester; Sourcecodester pizzafy Ecommerce System

Tue, 28 Apr 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Title | | SourceCodester Pizzafy Ecommerce System view_prod.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T13:49:30.290Z

Reserved: 2026-04-28T05:23:23.927Z

Link: CVE-2026-7267

Vulnrichment

Updated: 2026-04-28T13:49:26.719Z

NVD

Status: Received

Published: 2026-04-28T12:16:02.317

Modified: 2026-04-28T12:16:02.317

Link: CVE-2026-7267

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:30:30Z

Weaknesses