
SourceCodester Sales and Inventory System: SQL Injection Risk in Search

CVE-2026-3791
Summary

A SQL injection issue in the search feature of the SourceCodester Sales and Inventory System 1.0 (the searchtxt argument handled by dashboard.php) allows a remote attacker to manipulate database queries. This could potentially lead to unauthorized access to sensitive information. If you use this system, update it to the latest version to protect your data.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
ahsanriaz26gmailcom | sales_and_inventory_system | 1.0 | –
Original title
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipula...
Original description
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026