Skip to content
CVSS 7.3 · HIGH

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Ver en NVD

Análisis

This is a vulnerability in a SourceCodester project, which are typically small-scale scripts used for educational purposes or hobbyists. It does not have the deployment scale or professional relevance required for the community feed, and the vendor is not part of the standard enterprise or open-source stack.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Publicada: 28/4/2026, 6:16:05
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo