CVE-2026-7394

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0

Description A remote SQL injection exists in the GET Parameter Handler of the '/admin/view order.php' file. This issue occurs when the ID argument is manipulated, allowing an attacker to execute arbitrary SQL commands.

Recommendations As a temporary workaround, avoid using the ID parameter in the '/admin/view order.php' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.