CVE-2026-4826

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
References
Link Resource
https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateStock-sid.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.353126 Permissions Required VDB Entry
https://vuldb.com/?id.353126 Third Party Advisory VDB Entry
https://vuldb.com/?submit.775177 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*

History

07 Apr 2026, 18:22

Type Values Removed Values Added
References () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateStock-sid.md - () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateStock-sid.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.353126 - () https://vuldb.com/?ctiid.353126 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.353126 - () https://vuldb.com/?id.353126 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.775177 - () https://vuldb.com/?submit.775177 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
First Time Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System
CPE cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*

27 Mar 2026, 23:17

Type Values Removed Values Added
Summary
  • (es) Se determinó una vulnerabilidad en SourceCodester Sales and Inventory System 1.0. Esta vulnerabilidad afecta código desconocido del archivo /update_stock.php del componente Gestor de Parámetros HTTP GET. Esta manipulación del argumento sid provoca inyección SQL. La explotación remota del ataque es posible. El exploit ha sido divulgado públicamente y puede ser utilizado. Si desea obtener la mejor calidad de datos de vulnerabilidad, es posible que tenga que visitar VulDB.
Summary (en) A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. If you want to get best quality of vulnerability data, you may have to visit VulDB. (en) A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

26 Mar 2026, 00:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-26 00:16

Updated : 2026-06-17 10:57


NVD link : CVE-2026-4826

Mitre link : CVE-2026-4826

CVE.ORG link : CVE-2026-4826


JSON object : View

Products Affected

ahsanriaz26gmailcom

  • sales_and_inventory_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')