CVE-2026-3754

low-risk

Published 2026-03-08

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulation of the argument cost results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Sales And Inventory System

Affected Vendors

Ahsanriaz26Gmailcom

References (5)

Exploit https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-Ad...

Permissions Required https://vuldb.com/?ctiid.349732

Third Party Advisory https://vuldb.com/?id.349732

VDB Entry https://vuldb.com/?submit.768038

Product https://www.sourcecodester.com/

/ 100

low-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal