PT-2026-27043 · Sourcecodester · Sourcecodester Simple Inventory System

Fukun · Published 2026-03-23 · Updated 2026-03-24 · CVE-2026-4570

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SourceCodester Sales and Inventory System version 1.0

Description: A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP POST requests. Specifically, manipulation of the searchtxt argument within a POST request to the /view customers.php file can lead to SQL injection. The vulnerable component is an unknown function within this file. The exploit is publicly available.

Recommendations: Apply any available updates to address the SQL injection issue in the HTTP POST Request Handler. As a temporary workaround, consider restricting or carefully validating the searchtxt parameter in POST requests to the /view customers.php file.
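
One way to apply the workaround from the Recommendations, shown as an added example that is not SourceCodester's code and not taken from this advisory: validate searchtxt against an allow-list, then bind it in a prepared statement instead of concatenating it into SQL. The `customers` table, `name` column, length limit and allowed character set are assumptions, and an in-memory SQLite database (PDO with pdo_sqlite) stands in for the application's database so the script runs offline.

```php
<?php
// Added example: hardened handling of the `searchtxt` POST parameter.
// Table/column names, the length cap and the allow-list are hypothetical;
// the advisory does not show the application's schema or vulnerable code.
declare(strict_types=1);

const SEARCH_MAX_LEN = 64; // assumed upper bound for a customer search term

function validate_search($raw): ?string
{
    // Reject arrays (searchtxt[]=...) and any other non-string input.
    if (!is_string($raw)) {
        return null;
    }
    $term = trim($raw);
    if ($term === '' || strlen($term) > SEARCH_MAX_LEN) {
        return null;
    }
    // Allow-list: letters, digits, space and a few name punctuation marks.
    // preg_match() returns false on invalid UTF-8, which is also rejected.
    return preg_match('/^[\p{L}\p{N} .,\'@-]+$/u', $term) ? $term : null;
}

function search_customers(PDO $db, string $term): array
{
    // Escape LIKE wildcards so the term only ever matches literally, even
    // if the allow-list above is loosened later.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    // The value is bound as a parameter; it never becomes SQL text.
    $stmt = $db->prepare(
        "SELECT id, name FROM customers WHERE name LIKE :q ESCAPE '!'"
    );
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data, not from the affected application.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO customers (name) VALUES ('Ann O''Brien'), ('Bob Stone')");

// In a request handler the value would come from $_POST['searchtxt'].
foreach (["O'Brien", "Stone; --", ['nested']] as $input) {
    $term = validate_search($input);
    $rows = $term === null ? 'rejected' : search_customers($db, $term);
    echo json_encode($input), ' => ', json_encode($rows), PHP_EOL;
}
```

The apostrophe in the first input passes validation on purpose: it is safe only because the query is parameterized, which is the actual fix, while the allow-list is the temporary restriction.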

Exploit · Fix · SQL injection · Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2026-4570

Affected Products: Sourcecodester Simple Inventory System