CVE-2026-4779

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Mar 24, 2026

Vendor unknown

Description

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md
https://vuldb.com/?ctiid.352797
https://vuldb.com/?id.352797
https://vuldb.com/?submit.775172
https://www.sourcecodester.com/