CVE-2026-9444

MEDIUM 4.7

SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

8th

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

CWE	CWE-89 CWE-74
Vendor	sourcecodester
Product	simple pos and inventory system
Published	May 25, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for sourcecodester simple pos and inventory system

Be the first to know when new medium vulnerabilities affecting sourcecodester simple pos and inventory system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

SourceCodester / Simple POS and Inventory System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/365425 vuldb.com: https://vuldb.com/vuln/365425/cti vuldb.com: https://vuldb.com/submit/813611 gist.github.com: https://gist.github.com/c4ttr4ck/5d05aaee5b43f259ebe8bb8bce5c658f sourcecodester.com: https://www.sourcecodester.com/

Credits

🔍 c4ttr4ck (VulDB User)