CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/29 5:15 p.m.•5 views

CVE-2026-7394

SourceCodester Pizzafy Ecommerce System 1.0 is affected by SQL Injection in the admin/view_order.php file via the id GET parameter. The vulnerability arises from insufficient sanitization before using the parameter in a MySQL query. An authenticated administrator can manipulate this parameter to ...

Cvelist•added 2026/04/29 5:15 p.m.•26 views

CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection

5.8CVSS0.00039EPSS

ATTACKERKB•added 2026/04/29 5:15 p.m.•0 views

CVE-2026-7394

Exploits1References5Affected Software1

Vulnrichment•added 2026/04/29 5:15 p.m.•2 views

CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection

CNNVD•added 2026/04/29 12:0 a.m.•4 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...

5.8CVSS5.8AI score0.00039EPSS

Exploits1References1

Positive Technologies•added 2026/04/29 12:0 a.m.•2 views

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

Packet Storm•added 2026/04/29 12:0 a.m.•46 views

Exploits1References6

📄 Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

5.8CVSS5.3AI score0.00039EPSS

Exploits1

RedhatCVE•added 2025/10/11 1:5 p.m.•1 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

4.8CVSS5.4AI score0.00031EPSS

OSV•added 2025/10/10 3:31 p.m.•2 views

GHSA-M4G9-5MG6-GFR3 Liferay Portal Commerce is vulnerable to XSS through account "name" field

4.8CVSS5.5AI score0.00031EPSS

Exploits0References4

EUVD•added 2025/10/10 3:31 p.m.•2 views

EUVD-2025-33721

Liferay Portal Commerce is vulnerable to XSS through account "name" field...

4.8CVSS5.8AI score0.00031EPSS

Exploits0References4

Github Security Blog•added 2025/10/10 3:31 p.m.•4 views

Liferay Portal Commerce is vulnerable to XSS through account "name" field

5.4CVSS5.5AI score0.00031EPSS

Exploits0References4Affected Software1

NVD•added 2025/10/10 1:15 p.m.•1 views

CVE-2025-62237

5.4CVSS0.00031EPSS

OSV•added 2025/10/10 1:15 p.m.•1 views

CVE-2025-62237

5.4CVSS5.3AI score0.00031EPSS

Cvelist•added 2025/10/10 12:51 p.m.•3 views

CVE-2025-62237

4.8CVSS0.00031EPSS

CVE•added 2025/10/10 12:51 p.m.•6 views

CVE-2025-62237

Summary of CVE-2025-62237 : A stored Cross-site Scripting (XSS) vulnerability affects Liferay Portal/MCommerce integration. The issue arises in the Commerce view order page, where input in the Account “Name” field is not properly neutralized before storage and display, enabling an attacker to inj...

5.4CVSS5AI score0.00031EPSS

Exploits0References1Affected Software2

Vulnrichment•added 2025/10/10 12:51 p.m.•1 views

CVE-2025-62237

4.8CVSS5AI score0.00031EPSS