CVE-2026-4826

low-risk

Published 2026-03-26

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Sales And Inventory System

Affected Vendors

Ahsanriaz26Gmailcom

References (5)

Exploit https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-Up...

Permissions Required https://vuldb.com/?ctiid.353126

Third Party Advisory https://vuldb.com/?id.353126

Third Party Advisory https://vuldb.com/?submit.775177

Product https://www.sourcecodester.com/

/ 100

low-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal