5.3
SourceCodester Sales and Inventory System 1.0 SQL Injection Vulnerability
CVE-2026-4781
Summary
SourceCodester Sales and Inventory System 1.0 contains a SQL injection vulnerability in update_purchase.php: manipulating the sid HTTP GET parameter lets an attacker inject SQL code, and the attack can be performed remotely. This could allow an attacker to access sensitive information or take control of the system. We recommend updating to a fixed version to protect against this vulnerability.
Original title
A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Exec...
Original description
A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to SQL injection. The attack may be performed from remote. The exploit has been published and may be used.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-74: Injection
CWE-89: SQL Injection
Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026