CVE-2026-7266

· NIST NVD ↗

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

MEDIUM
CVSS severity
6.3
CVSS base score
2026-04-28
Published

CWE codes

CWE-74CWE-89

Sources