CVE-2026-4779

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*

History

07 Apr 2026, 18:20

Type Values Removed Values Added
First Time Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System
CPE cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*
References () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md - () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.352797 - () https://vuldb.com/?ctiid.352797 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.352797 - () https://vuldb.com/?id.352797 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.775172 - () https://vuldb.com/?submit.775172 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

25 Mar 2026, 15:41

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad de seguridad en SourceCodester Sales and Inventory System 1.0. Este problema afecta a un procesamiento desconocido del archivo update_customer_details.php del componente Gestor de Parámetros HTTP GET. Dicha manipulación del argumento sid conduce a una inyección SQL. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado públicamente y puede ser utilizado.

24 Mar 2026, 23:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-24 23:17

Updated : 2026-06-17 10:57


NVD link : CVE-2026-4779

Mitre link : CVE-2026-4779

CVE.ORG link : CVE-2026-4779


JSON object : View

Products Affected

ahsanriaz26gmailcom

  • sales_and_inventory_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')