CVE-2026-10704— SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SourceCodester | Pizzafy E-Commerce System | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10704
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SourceCodester Pizzafy E-Commerce System SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SourceCodester Pizzafy E-Commerce System是SourceCodester开源的一个pizafy电子商务系统。 SourceCodester Pizzafy E-Commerce System 1.0版本存在SQL注入漏洞,该漏洞源于文件/admin/admin_class_novo.php中组件Administrative Control Panel的函数Login对参数Username的操作,可能导致SQL注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SourceCodester | Pizzafy E-Commerce System | 1.0 | cpe:2.3:a:sourcecodester:pizzafy_e-commerce_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10704
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8001 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-10704
请登录查看更多情报信息。
News Coverage for CVE-2026-10704 (1)
Other References for CVE-2026-10704 (1)
Same Patch Batch · SourceCodester · 2026-06-03 · 3 CVEs total
| CVE-2026-10694 | 7.3 HIGH | SourceCodester Online Food Ordering System index.php include file inclusion |
| CVE-2026-10693 | 6.3 MEDIUM | SourceCodester Online Boat Reservation System Administrative Endpoint improper authorizati |
IV. Related Vulnerabilities
Same vendor: SourceCodester
- CVE-2026-12529
SourceCodester CET Automated Grading System with AI Predicti - CVE-2026-12176
SourceCodester CET Automated Grading System with AI Predicti - CVE-2026-11552
SourceCodester Onlne Examination & Learning Management Syste - CVE-2026-11520
SourceCodester Inventory System header.php cross site script - CVE-2026-11519
SourceCodester Inventory System Account Creation users_handl
Same weakness: CWE-89
- CVE-2019-25761
Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id - CVE-2019-25759
Joomla! Component vBizz 1.0.7 SQL Injection - CVE-2019-25757
Joomla vWishlist 1.0.1 SQL Injection via vproductid Paramete - CVE-2019-25756
Joomla! Component vAccount 2.0.2 SQL Injection via vaccount- - CVE-2019-25755
Joomla vReview 1.9.11 SQL Injection via editReview
V. Comments for CVE-2026-10704
No comments yet