CVE-2026-10704

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy E-Commerce System version 1.0

Description An SQL injection issue exists in the Administrative Control Panel component. The Login() function within the /admin/admin class novo.php file is susceptible to remote attacks through the manipulation of the Username argument. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to interfere with the application's database.

Recommendations Update SourceCodester Pizzafy E-Commerce System version 1.0 to a patched version. As a temporary workaround, restrict access to the /admin/admin class novo.php file or the Login() function until a fix is applied.