Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
SourceCodester Sales and Inventory System: SQL Injection via Malicious Input
CVE-2026-3756
Summary
A vulnerability in SourceCodester Sales and Inventory System version 1.0 allows an attacker to inject malicious SQL code by manipulating user input, potentially leading to unauthorized access or data theft. This vulnerability can be exploited remotely and an exploit is publicly available. To protect your system, update to a newer version of the software or apply a patch if available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ahsanriaz26gmailcom | sales_and_inventory_system | 1.0 | – |
Original title
A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_na...
Original description
A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026