EUVD-2026-26292

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2026-7410

CVE-2026-7410 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability is in /admin/ajax.php?action=add_to_cart, where manipulating the pid parameter causes an SQL injection. The exploit is publicly disclosed and the CVSS metrics indicate medium severity (base scores ~5.3–6.5) with ...

n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

n8n has SQL Injection in Oracle Database Node via Limit Field

Impact A flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field e.g., fr...

GHSA-HP3C-VFPM-Q4F7 n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the process of constructing SQL queries in the Snowflake and legacy MySQL v1 nodes when user-controlled input is directly interpolated into identifier fields such as table name,...

n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

CVE-2026-7409

CVE-2026-7409 affects SourceCodester Pizzafy Ecommerce System 1.0, specifically the /admin/ajax.php?action=save_user function. The issue allows remote execution of SQL injection through manipulation of the save_user process. CVSS metrics in the document indicate network attack vector, low complex...

CVE-2026-7409

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution

Summary A SQL injection vulnerability exists in FilterDataServiceCE.java where the dropTable method constructs a SQL DROP TABLE statement using string concatenation with the table name. If the table name is derived from user input, this allows for arbitrary SQL command execution. Details The...

CVE-2026-7264

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function getcartitems of the file /admin/ajax.php?action=getcartitems. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

CVE-2026-7408

The CVE-2026-7408 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the save_menu function in /admin/ajax.php?action=save_menu. Manipulation of input leads to SQL injection, exploitable remotely. Public exploit appears to exist. No remediation details are provided i...

CVE-2026-7407

The CVE-2026-7407 vulnerability affects SourceCodester Pizzafy Ecommerce System 1.0, specifically the save_settings function in /pizzafy/admin/ajax.php?action=save_settings (Setting Handler). The issue is a SQL injection caused by input manipulation in that endpoint, enabling remote attackers to ...

CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

CVE-2026-7407

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

EUVD-2026-26289

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...