← volver
CVE-2026-3793

SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection

CVSS 5.3 MEDIUMEPSS 0.4%CWE-74CWE-89
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
SourceCodester · Sales and Inventory System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-SalesInvoice1-sellid.mdhttps://vuldb.com/?ctiid.349760https://vuldb.com/?id.349760https://vuldb.com/?submit.768048https://www.sourcecodester.com/