A vulnerability labeled as critical has been found in SourceCodester Pizzafy Ecommerce System 1.0 . Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parameter Handler . Executing a manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2026-7394 . The attack may be performed from remote. In addition, an exploit is available.