14 matches found
CVE-2026-7393
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
EUVD-2026-26265
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
CVE-2026-7295
CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...
PT-2026-35662
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete menu of the file /admin/ajax.php?action=delete menu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi...
PT-2026-35815
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save menu of the file /admin/ajax.php?action=save menu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2023-29848
Bang Resto 1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the itemName parameter in the admin/menu.php Add New Menu function...
EUVD-2023-33385
Malicious code in bioql PyPI...
EUVD-2025-24541
Malicious code in bioql PyPI...
CVE-2025-8491
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...
CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...
CVE-2022-32330
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=deletemenu...
Online Pizza Ordering System 代码问题漏洞
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero Personal Developer. A code issue vulnerability exists in SourceCodester Online Pizza Ordering System version 1.0, which stems from a security issue in the function savemenu that results in unrestricted uploads...
PT-2023-16950 · Unknown · Sourcecodester Online Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pizza Ordering System version 1.0 Description: A critical issue has been found, affecting the save menu function, which leads to unrestricted upload. The attack can be launched remotely. Recommendations: For SourceCodest...
Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
Overview Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...