CVE-2026-7393

MEDIUM CVSS 4.7 View on NVD ↗

Description

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/Xmyronn/Unrestricted-File-Upload-leading-to-Remote-Code-Execution-in-Pizzafy-Ecommerce-System.git
https://vuldb.com/submit/803522
https://vuldb.com/vuln/360118
https://vuldb.com/vuln/360118/cti
https://www.sourcecodester.com/

Published: Apr 29, 2026 17:16 UTC Modified: Apr 29, 2026 21:16 UTC