CVE-2026-9447

HIGH 7.3

SourceCodester Simple POS and Inventory System search.php sql injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

9th

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CWE	CWE-89 CWE-74
Vendor	sourcecodester
Product	simple pos and inventory system
Published	May 25, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for sourcecodester simple pos and inventory system

Be the first to know when new high vulnerabilities affecting sourcecodester simple pos and inventory system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

SourceCodester / Simple POS and Inventory System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/365428 vuldb.com: https://vuldb.com/vuln/365428/cti vuldb.com: https://vuldb.com/submit/813614 gist.github.com: https://gist.github.com/c4ttr4ck/24c157c90227c3f5cd5e5d871449fed8 sourcecodester.com: https://www.sourcecodester.com/

Credits

🔍 c4ttr4ck (VulDB User)