CVE-2026-3793 PUBLISHED

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

• FuKun (VulDB User) reporter

• VDB-349760 | SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection
• VDB-349760 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #768048 | SourceCodester Inventory System 1.0 SQL Injection
• https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-SalesInvoice1-sellid.md
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE