SourceCodester Sales and Inventory System
cpe:2.3:a:sales_and_inventory_system_project:sales_and_inventory_system:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in SourceCodester Sales and Inventory System version 1.0. The flaw is in sales_invoice1.php, which reads the sellid value from the HTTP GET query string and uses it in a database query without validating it. An authenticated attacker can supply crafted SQL in sellid and gain unauthorized access to the database. Exploitation is possible remotely, and a public proof-of-concept is available.
Successful exploitation allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data retrieval, database enumeration, and manipulation of database records.
To reproduce this vulnerability, log into the application to obtain a valid session, then send an HTTP GET request to sales_invoice1.php with a SQL payload in the sellid parameter. A boolean-based pair (one payload with a true condition, one with a false condition) or a time-based delay shows whether the value reaches the database query. Alternatively, point sqlmap at the same URL with the session cookie to automate detection and extraction.