CVE Catalog

CVE-2026-14713

HighCVSS 7.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability has been discovered in SourceCodester Pizzafy E-Commerce System 1.0 in the file /admin/ajax.php?action=confirm_order. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly released.

Risk Assessment

The risk includes unauthorized database access, leakage of customer and order data, and potential system takeover.

Recommendation

Immediately update the system to the latest version or apply a security patch. In the meantime, restrict access to the admin panel and validate all input.

Original NVD description (English source)

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS