PT-2026-27524 · Sourcecodester · Sourcecodester Simple Inventory System
Fukun · Published 2026-03-24 · Updated 2026-04-15
CVE-2026-4781
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Sales and Inventory System version 1.0
Description
SourceCodester Sales and Inventory System 1.0 contains a SQL injection vulnerability in the update purchase.php file. The sid argument, supplied via an HTTP GET request, is used to build a database query without adequate validation or parameterization, so an authenticated user with low privileges (PR:L in the vector) can manipulate it to inject arbitrary SQL and read or modify the application's data. The attack can be carried out remotely over the network, and an exploit has been published.
Recommendations
Apply updates that address the SQL injection in the update purchase.php file, or patch the file so that sid is validated as an integer identifier and passed to the database through a prepared statement instead of being concatenated into the query.
As a temporary workaround, restrict access to the update purchase.php file (for example with a web-server access rule) until the fix is deployed.
If the file cannot be taken offline, strictly validate the sid parameter of the affected HTTP GET request (accept only a positive integer and reject everything else) until the issue is resolved.
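The following is an added illustration, not code from the SourceCodester project or from this advisory. It reconstructs the kind of pattern the description implies (a raw GET parameter concatenated into a query) next to a hardened version that implements both recommendations above: integer validation of sid and a prepared statement. The table name purchase, the column names sid and status, and the mysqli connection details are assumptions.

```php
<?php
// Added example, not the project's code. Table/column names (purchase, sid,
// status) are assumptions; the advisory only states that update purchase.php
// builds a SQL query from the GET parameter "sid".

// Vulnerable pattern: the raw GET value is interpolated into the SQL text.
// Because no quoting or typing separates data from code, the value is parsed
// as part of the statement, which is exactly what makes injection possible.
function update_purchase_vulnerable(mysqli $db, array $get): bool
{
    $sid = $get['sid'] ?? '';
    $sql = "UPDATE purchase SET status = 'received' WHERE sid = " . $sid;
    return $db->query($sql) !== false;
}

// Hardened pattern: validate first, then bind.
// 1. FILTER_VALIDATE_INT returns false for anything that is not a well-formed
//    integer ("1 OR 1=1", "1'", "", null), so malformed input never reaches
//    the database at all (this is the "strict validation" workaround).
// 2. The value is bound as a typed placeholder, so even a well-formed integer
//    is sent as data, never spliced into the SQL string (the real fix).
function update_purchase_fixed(mysqli $db, array $get): bool
{
    $sid = filter_var(
        $get['sid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($sid === false) {
        http_response_code(400);   // reject the request instead of guessing
        return false;
    }

    $stmt = $db->prepare("UPDATE purchase SET status = 'received' WHERE sid = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $sid);  // 'i' = integer parameter
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumed connection parameters):
// $db = new mysqli('localhost', 'inventory_user', 'secret', 'inventory');
// update_purchase_fixed($db, $_GET);
```

The two functions differ only in how sid travels to the database, which is the whole point of the fix: access restrictions on the file reduce who can reach the endpoint, but only validation plus parameterization removes the injection itself.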
Weakness type
Special Elements Injection (CWE-74)
SQL injection (CWE-89)
Affected Products
Sourcecodester Simple Inventory System