This vulnerability affects SourceCodester Pizzafy Ecommerce System 1.0 and involves an SQL injection flaw in an unspecified function within the /view_prod.php file. The issue arises from improper sanitization or validation of the ID parameter, enabling remote attackers to inject malicious SQL queries. The vulnerability has a CVSS 4.0 base score of 5.3, indicating medium severity, with network attack vector, low complexity, no privileges required, and no user interaction needed. While an exploit has been published, there is no vendor-provided patch or official remediation information at this time.

Successful exploitation could allow an attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access or modification. The impact is limited by the medium severity score and the lack of confirmed exploitation in the wild. However, the vulnerability could be leveraged to compromise the integrity and confidentiality of the ecommerce system's data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting the ID parameter in /view_prod.php. Additionally, review and harden input validation and parameter sanitization in the affected application code if possible.