CVE-2026-4781
SQL Injection in SourceCodester Sales Inventory update_purchase.php
Publication date: 2026-03-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ahsanriaz26gmailcom | sales_and_inventory_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow attackers to exfiltrate sensitive data by retrieving database contents, including enumerating database schema such as tables and columns.
Attackers may compromise the entire backend database, leading to unauthorized access to confidential information, potential data manipulation, and disruption of system operations.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-4781 is a SQL Injection vulnerability found in SourceCodester Sales and Inventory System version 1.0, specifically in the update_purchase.php file. The flaw exists because the application does not properly sanitize the 'sid' parameter in HTTP GET requests. This allows an authenticated attacker to inject arbitrary SQL commands into the backend MySQL database."}, {'type': 'paragraph', 'content': 'The injection supports UNION-based queries with up to 23 columns, enabling attackers to retrieve and display sensitive database information. It also supports blind SQL injection techniques such as Boolean-based and time-based methods.'}, {'type': 'paragraph', 'content': "Exploitation involves sending crafted HTTP GET requests with malicious SQL payloads in the 'sid' parameter, which can be automated using tools like sqlmap."}] [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by testing the 'sid' parameter in HTTP GET requests to the 'update_purchase.php' file for SQL injection flaws."}, {'type': 'paragraph', 'content': "Automated tools like sqlmap can be used to detect the vulnerability by targeting the 'sid' parameter with crafted SQL injection payloads."}, {'type': 'list_item', 'content': 'Use sqlmap with a command similar to: sqlmap -u "http://target/update_purchase.php?sid=1" --risk=3 --level=5 --dbms=mysql --technique=U,B,T'}, {'type': 'list_item', 'content': 'Manually test with UNION-based payloads injecting a UNION ALL SELECT statement with 23 columns to check for data leakage.'}, {'type': 'list_item', 'content': 'Use Boolean-based blind SQL injection payloads by adding conditional AND statements to infer true/false responses.'}, {'type': 'list_item', 'content': 'Use time-based blind SQL injection payloads by injecting SLEEP functions to detect injection via response delays.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know