CVE-2026-4781 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the compo…
Medium CVSS: 5.3

CVE-2026-4781

A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Vendor
-
Product
-
CWE
CWE-74
Yayın Tarihi
2026-03-25 00:16:41
Güncelleme
2026-03-25 15:41:58
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-74 MEDIUM 2026

Referanslar

https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdatePurchase-sid.md https://vuldb.com/?ctiid.352799 https://vuldb.com/?id.352799 https://vuldb.com/?submit.775174 https://www.sourcecodester.com/