PT-2026-35959 · Sourcecodester · Pizzafy Ecommerce System

Imad Alvi · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-7393

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SourceCodester Pizzafy Ecommerce System version 1.0

Description

An unrestricted upload issue exists in the File Extension Handler component. A remote attacker can manipulate the img argument within the save menu() function of the '/admin/admin class novo.php' file to upload arbitrary files.

Recommendations

Restrict access to the save menu() function in the '/admin/admin class novo.php' file or validate the img parameter to prevent unrestricted file uploads.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-7393

Affected Products

Pizzafy Ecommerce System