PT-2026-23998 · Sourcecodester · Sourcecodester Simple Inventory System
Fukun · Published 2026-03-09 · Updated 2026-03-10 · CVE-2026-3793

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Sales and Inventory System version 1.0
Description
A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of a GET parameter. Specifically, manipulation of the sellid argument within the sales invoice1.php file can lead to SQL injection. This issue is remotely exploitable and has been publicly disclosed. The vulnerable component is the GET Parameter Handler.
Recommendations
Apply a fix for the SQL injection issue in the sales invoice1.php file related to the sellid parameter.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Sourcecodester Simple Inventory System