Simple%20POS%20and%20Inventory%20System

CVE-2026-9447

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-Not Assigned

Published-25 May, 2026 | 09:45

Updated-25 May, 2026 | 09:45

SourceCodester Simple POS and Inventory System search.php sql injection

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Vendor-SourceCodester

Product-Simple POS and Inventory System

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-9446

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.1||MEDIUM

EPSS-Not Assigned

Published-25 May, 2026 | 09:30

Updated-25 May, 2026 | 09:30

SourceCodester Simple POS and Inventory System edit_customer.php sql injection

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Vendor-SourceCodester

Product-Simple POS and Inventory System

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-9445

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-25 May, 2026 | 09:15

Updated-25 May, 2026 | 09:15

SourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted upload

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vendor-SourceCodester

Product-Simple POS and Inventory System

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2026-9444

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.1||MEDIUM

EPSS-Not Assigned

Published-25 May, 2026 | 09:00

Updated-25 May, 2026 | 09:00

SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

Vendor-SourceCodester

Product-Simple POS and Inventory System

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Simple POS and Inventory System

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -