CVE Alert

CVE-2026-4779

MEDIUM 6.3

SourceCodester Sales and Inventory System HTTP GET Parameter update_customer_details.php sql injection

CVSS Score 6.3
EPSS Score 0.0%
EPSS Percentile 8th

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. It affects unspecified processing in the file update_customer_details.php, part of the HTTP GET Parameter Handler component. Manipulating the argument sid leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CWE CWE-89 CWE-74
Vendor sourcecodester
Product sales and inventory system
Published Mar 24, 2026
Last Updated Mar 27, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
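Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: Low (C:L)
Integrity: Low (I:L)
Availability: Low (A:L)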

Affected Versions

SourceCodester / Sales and Inventory System
1.0

References

vuldb.com: https://vuldb.com/?id.352797
vuldb.com: https://vuldb.com/?ctiid.352797
vuldb.com: https://vuldb.com/?submit.775172
github.com: https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md
sourcecodester.com: https://www.sourcecodester.com/

Credits

FuKun (VulDB User)