CVE-2026-4781 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_purchase.php sid sql injection

Inserito da Angelo Barbosa | Mar 24, 2026 | CVE

A vulnerability described as critical has been identified in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection.

This vulnerability appears as CVE-2026-4781. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-4781 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_purchase.php sid sql injection

Post correlati

CVE-2025-13426 | Google Cloud Apigee Hybrid up to 1.11.1/1.12.3/1.13.2/1.14.0 Javacallout Policy dynamically-managed code resources

CVE-2024-42790 | Kashipara Music Management System 1.0 index.php page cross site scripting

CVE-2025-13486 | Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress prepare_form Remote Code Execution

CVE-2024-35699 | HasThemes HT Feed Plugin up to 1.2.8 on WordPress cross site scripting