SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2026-7393

Source VulDB

Published Apr 29, 2026 at 17:00

Modified Apr 29, 2026 at 17:39

Affected Product

Vendor SourceCodester

Product Pizzafy Ecommerce System

Version 1.0

Affected Versions SourceCodester Pizzafy Ecommerce System 1.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
    "published": "2026-04-29T17:00:16.996Z",
    "modified": "2026-04-29T17:39:13.325Z",
    "type": "cve",
    "title": "SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360118\nhttps://vuldb.com/vuln/360118/cti\nhttps://vuldb.com/submit/803522\nhttps://github.com/Xmyronn/Unrestricted-File-Upload-leading-to-Remote-Code-Execution-in-Pizzafy-Ecommerce-System.git\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-7393",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Pizzafy Ecommerce System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pizzafy Ecommerce System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload_CVE-2026-7393