Unrestricted Upload Vulnerability in SourceCodester Pizzafy Ecommerce System
CVE-2026-16226

5.1MEDIUM

Key Information:

Vendor
CVE Published:
19 July 2026

What is CVE-2026-16226?

A vulnerability exists in the SourceCodester Pizzafy Ecommerce System version 1.0 within the 'save_settings' function of the '/admin/admin_class_novo.php' file. This weakness allows for an unrestricted file upload due to improper validation of the 'img' argument. Malicious users can exploit this flaw remotely, enabling them to upload arbitrary files to the server. Such unauthorized file uploads can lead to further compromises, including server takeover or data breaches.

Affected Version(s)

Pizzafy Ecommerce System 1.0

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

q1w2e3r4t5y6 (VulDB User)
VulDB Vulnerability Moderation Team
.