A vulnerability identified as critical has been detected in SourceCodester Pizzafy Ecommerce System 1.0 . Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler . Performing a manipulation of the argument img results in unrestricted upload. This vulnerability is reported as CVE-2026-7393 . The attack is possible to be carried out remotely. Moreover, an exploit is present.