CVE-2026-3793

MEDIUM

SourceCodester Sales and Inventory System 1.0 - SQL Injection

Title source: llm

Description

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

References (5)

[Exploit, Third Party Advisory] https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-SalesInvoice1-sellid.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349760

[Permissions Required, VDB Entry] https://vuldb.com/?id.349760

[Permissions Required, VDB Entry] https://vuldb.com/?submit.768048

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 0.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89 CWE-74

Status published

Affected Products (1)

ahsanriaz26gmailcom/sales_and_inventory_system

Timeline

Published Mar 09, 2026

Tracked Since Mar 09, 2026