CVE-2026-4825

CVSS v3.1

6.3

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2026-4825

Affected Products

Sales/Inventory System

CVE-2026-4825

Weakness Enumeration

Related Identifiers

Affected Products

References · 6