CVE-2026-7393 - Vulnerability Analysis
Medium | CVSS: 4.7 | Last Updated: April 29, 2026
SourceCodester Pizzafy Ecommerce System - Unrestricted File Upload
Published: April 29, 2026 | Updated: April 29, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Pizzafy Ecommerce System 1.0 contains an unrestricted file upload vulnerability caused by improper validation of the "img" argument in the save_menu function of /admin/admin_class_novo.php. It lets remote attackers upload arbitrary files, and exploitation requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 4.7
Impact
Remote attackers can upload arbitrary files, potentially leading to remote code execution or full system compromise.
Mitigation
Update to the latest version or apply patches that validate and restrict file uploads.
Details
- CVE ID: CVE-2026-7393
- Severity: Medium
- CVSS Score: 4.7
- Type: unrestricted_file_upload
- Status: new
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L