A vulnerability described as critical has been identified in SourceCodester Pizzafy E-Commerce System 1.0 . Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel . The manipulation of the argument Username results in sql injection. This vulnerability is identified as CVE-2026-10704 . The attack can be executed remotely. Additionally, an exploit exists.