Skip to content
CVSS 7.3 · HIGH

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

View on NVD

Analysis

This vulnerability affects a project from SourceCodester, which is a platform for student and learning templates rather than production-grade software. While the SQL injection is serious and has a public exploit, the product is not used in professional environments or common dev stacks.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 11.7%
EPSS: 2026-05-06

Technical description

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Published: 4/28/2026, 6:16:04 AM
Last modified: 4/29/2026, 1:00:01 AM

References

HomeEventsBlogResourcesTeam