CVE-2026-7407 PUBLISHED

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

• r3ng4f (VulDB User) reporter

• VDB-360141 | SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
• VDB-360141 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #803613 | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection (Error-Based)
• https://github.com/r3ng4f/Pizzafy_1/blob/main/01-exploit.md
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE