A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.352797 | Permissions Required VDB Entry |
| https://vuldb.com/?id.352797 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.775172 | Third Party Advisory VDB Entry |
| https://www.sourcecodester.com/ | Product |
Configurations
History
07 Apr 2026, 18:20
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System |
|
| CPE | cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:* | |
| References | () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.352797 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.352797 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.775172 - Third Party Advisory, VDB Entry | |
| References | () https://www.sourcecodester.com/ - Product |
25 Mar 2026, 15:41
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
24 Mar 2026, 23:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-24 23:17
Updated : 2026-06-17 10:57
NVD link : CVE-2026-4779
Mitre link : CVE-2026-4779
CVE.ORG link : CVE-2026-4779
JSON object : View
Products Affected
ahsanriaz26gmailcom
- sales_and_inventory_system
