CVE-2026-9446

EUVD-2026-31660
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Common Weakness Enumeration
References
https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a
https://vuldb.com/submit/813613
https://vuldb.com/vuln/365427
https://vuldb.com/vuln/365427/cti
https://www.sourcecodester.com/