CVE-2026-10559

SourceCodester Pizzafy Ecommerce System index.php file inclusion

CVSS 5.3 MEDIUMEPSS 0.2%CWE-73

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Pizzafy Ecommerce System

public PoCs found — 1

cve_referencegithub.com/cyber-bhaskar10/CVE-Writeups/blob/main/CVE%20Writeup%20LFI%20via%20Null%20Byte%20Injection%20in%20index.php.mdunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cyber-bhaskar10/CVE-Writeups/blob/main/CVE%20Writeup%20LFI%20via%20Null%20Byte%20Injection%20in%20index.php.md https://vuldb.com/cve/CVE-2026-10559 https://vuldb.com/submit/828822 https://vuldb.com/vuln/367649 https://vuldb.com/vuln/367649/cti https://www.sourcecodester.com/