SourceCodester Sales and Inventory System 1.0: SQL Injection Risk via GET Request
CVE-2026-4780
Summary
An attacker who knows the URL structure can inject SQL into your database queries through the `sid` GET parameter of update_out_standing.php. This could let them access sensitive information or even take control of your system. Update your system to the latest version to fix this issue and protect your data.
Original title
A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Perfo...
Original description
A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.
nvd CVSS2.0: 6.5
nvd CVSS3.1: 6.3
nvd CVSS4.0: 5.3
Vulnerability type
CWE-74: Injection
CWE-89: SQL Injection
Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026