CVE-2026-4777

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
References
Link Resource
https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.352795 Permissions Required VDB Entry
https://vuldb.com/?id.352795 Third Party Advisory VDB Entry
https://vuldb.com/?submit.775169 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*

History

08 Apr 2026, 18:53

Type Values Removed Values Added
CPE cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*
References () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md - () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.352795 - () https://vuldb.com/?ctiid.352795 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.352795 - () https://vuldb.com/?id.352795 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.775169 - () https://vuldb.com/?submit.775169 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
First Time Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System

25 Mar 2026, 15:41

Type Values Removed Values Added
Summary
  • (es) Se ha descubierto una vulnerabilidad de seguridad en SourceCodester Sales and Inventory System 1.0. Esto afecta una parte desconocida del archivo view_supplier.php del componente Gestor de Parámetros POST. La manipulación del argumento searchtxt resulta en inyección SQL. El ataque puede lanzarse de forma remota. El exploit ha sido publicado y puede ser utilizado para ataques.

24 Mar 2026, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-24 22:16

Updated : 2026-06-17 10:57


NVD link : CVE-2026-4777

Mitre link : CVE-2026-4777

CVE.ORG link : CVE-2026-4777


JSON object : View

Products Affected

ahsanriaz26gmailcom

  • sales_and_inventory_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')