A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateOutStanding-sid.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.352798 | Permissions Required VDB Entry |
| https://vuldb.com/?id.352798 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.775173 | Third Party Advisory VDB Entry |
| https://www.sourcecodester.com/ | Product |
Configurations
History
07 Apr 2026, 18:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System |
|
| References | () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateOutStanding-sid.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.352798 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.352798 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.775173 - Third Party Advisory, VDB Entry | |
| References | () https://www.sourcecodester.com/ - Product |
25 Mar 2026, 15:41
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
25 Mar 2026, 00:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-25 00:16
Updated : 2026-06-17 10:57
NVD link : CVE-2026-4780
Mitre link : CVE-2026-4780
CVE.ORG link : CVE-2026-4780
JSON object : View
Products Affected
ahsanriaz26gmailcom
- sales_and_inventory_system
